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I.  INTRODUCTION 


A  rededication  to  preparedness  is  perhaps  the  best  way  to  honor  the 
memories  of  those  we  lost  that  day.1 

A.  ENHANCING  PREPAREDNESS 

This  thesis  is  about  enhancing  preparedness  to  reduce  our  nation’s  vulnerability  to 
terrorist  attacks.  Specifically,  the  focus  is  on  the  process  of  creating  and  executing  plans 
in  a  way  that  makes  the  best  use  of  scarce  resources  for  the  goals  of  preventing  attacks 
and  protecting  our  citizens  and  critical  infrastructure.  Various  planning  methods  will  be 
examined  as  well  as  the  way  that  each  is  challenged  by  today’s  threat  environment. 


B.  CONTINUOUS  IMPROVEMENT 

The  goal  of  these  pages  is  to  assist  with  the  development  of  good  terrorism 
preparedness  plans,  but  perhaps  most  importantly,  to  present  a  mechanism  for  continuous 
improvement  of  those  plans,  an  element  that  is  often  overlooked  or  is  insufficiently 
robust,  regardless  of  which  planning  mechanism  is  used.  To  use  a  plan  for  the  sole 
purpose  of  setting  initial  conditions  is  fatal.  Without  a  dynamic,  continuously  improving 
cycle  of  planning,  we  can  never  hope  to  stay  ahead  of  a  sophisticated  adversary  who 
knows  how  to  use  asymmetric  techniques  to  leverage  weakness  into  strength.  This 
adversary  is  not  satisfied  with  developing  a  plan  and  putting  it  on  the  shelf.  Instead,  he  is 
always  scanning  the  environment  (our  environment),  probing  for  weaknesses,  building 
plans  that  show  promise  and  dropping  those  that  do  not  as  the  environment  changes; 
always  seeking  to  avoid  the  fatal  error  of  becoming  fixated  on  a  favorite  plan  and  blinded 
to  better  ones.  We  must  do  no  less. 

If  we  are  to  succeed  in  this  preparedness  mission,  we  must  understand  the  dangers 
that  are  unique  to  asymmetric  conflict  and  how  those  dangers  require  us  to  change  the 
way  we  plan  and  operate  so  that  we  can  maximize  our  preparedness.  Some  of  these 
threat  characteristics  will  be  presented  in  Chapter  II,  The  Post- 9/1 1  Threat  Environment. 

1  National  Commission  on  Terrorist  Attacks  Upon  the  United  States,  The  9/11  Commission  Report 
(New  York:  W.  W.  Norton  &  Company,  2004),  323. 
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Chapter  III,  Planning  to  Plan,  will  give  a  brief  overview  of  how  defense  planning 
has  changed  since  the  end  of  the  Cold  War,  and  why  the  new  threat  environment  has 
forced  military  and  homeland  security  planners  to  develop  new  planning  methodologies. 

Chapter  IV,  Tempo:  Using  Time  as  a  Tool  of  Strategy,  will  demonstrate  that 
planning  tempo  can  be  just  as  important  as  combat  tempo  in  gaining  and  maintaining 
one’s  advantage  over  an  adversary. 

Chapter  V,  It  Takes  a  Network,  will  introduce  some  of  the  ways  that  modern 
terrorist  organizations  have  adopted  network  characteristics  and  how  those  characteristics 
present  us  with  unique  challenges  and  opportunities.  One  of  the  lessons  of  network 
analysis  is  that  we  also  must  adopt  certain  network-like  characteristics  if  we  are  to 
succeed  in  a  struggle  against  a  networked  adversary. 

New  ways  of  collaborating,  planning,  tasking  intelligence  collection  and 
disseminating  intelligence  information  will  be  proposed  in  Chapter  VI,  A  Model  for  the 
Future.  The  9/11  Commission’s  four-step  protocol  for  planning  and  intelligence 
collection  will  be  presented,  along  with  the  essential  element  that  must  be  included  if 
their  protocol  is  to  succeed.  The  implications  of  the  decision  by  Congress  to  cancel  what 
might  have  been  the  only  serious  attempt  by  a  government  organization  to  implement  the 
9/1 1  Commission’s  protocol  will  also  be  considered. 

To  demonstrate  the  broad  applicability  of  the  principles  in  this  document,  the 
domestic  nuclear  weapon  facilities  owned  by  the  United  States  Department  of  Energy 
(DOE)  will  be  used  as  a  case  study  in  Chapter  VII,  Application  to  the  Department  of 
Energy.  DOE  has  a  robust  planning  strategy  that  avoids  many  of  the  pitfalls  of  other 
methods.  But  as  the  threat  has  grown  since  9/11,  DOE  is  understandably  wrestling  with 
new  challenges  to  its  dual  commitments  to  be  good  stewards  of  the  national  stockpile  of 
nuclear  weapons  and  the  taxpayers’  money.  DOE’s  planning  methodology  will  be 
presented,  along  with  an  analysis  of  how  it  might  be  strengthened  using  the  approach 
described  in  the  following  chapters. 

Chapter  VIII,  Conclusion,  will  revisit  the  importance  of  preparedness  and 
planning,  and  will  examine  the  9/11  Commission’s  “failure  of  imagination”  criticism  in 
light  of  the  approach  that  is  recommended  in  this  thesis. 
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II.  THE  POST-9/11  THREAT  ENVIRONMENT 


Iraq  has  become  a  point  of  attraction  and  restorer  of  (our)  energies. 

-  Osama  bin  Laden2 


The  lesson  of  9/1 1  for  civilians  and  first  responders  can  be  stated  simply: 
in  the  new  age  of  terror,  they — we — are  the  primary  targets.  The  losses 
America  suffered  that  day  demonstrated  both  the  gravity  of  the  terrorist 
threat  and  the  commensurate  need  to  prepare  ourselves  to  meet  it. 

-  The  9/11  Commission3 


A.  THE  ONLY  SUPERPOWER 

In  1991,  America’s  success  in  Operation  Desert  Storm  served  as  a  wake-up  call  to 
the  world  and  helped  lead  us  into  a  new,  but  significantly  more  dangerous  era.  As  global 
news  broadcasts  showed  live  coverage  of  the  unbelievable  speed  and  efficiency  with 
which  the  United  States  defeated  one  of  the  largest  military  forces  on  earth,  there  was  no 
doubt  that  the  world’s  only  remaining  superpower  could  not  be  seriously  challenged, 
much  less  defeated,  through  conventional  means.  Our  adversaries  have  begun  using,  and 
planning  to  use,  non-conventional  means  in  an  effort  to  force  us  to  respond  to  their 
political  agenda.  Homeland  security  practitioners  must  understand  the  nature  and 
implications  of  this  new  threat  environment. 


B.  THE  POWER  OF  ASYMMETRIC  CONFLICT 

If  someone  had  announced  in  the  early  hours  of  September  11,  2001  that  they 
would  destroy  the  World  Trade  Center  towers  in  New  York  City  with  a  few  box  cutters 
before  the  morning  was  over,  it  is  hard  to  imagine  that  anyone  would  have  taken  them 
seriously.  And  yet  that  is  what  happened  on  that  fateful  morning.  Such  is  the  power  of 
asymmetric  conflict.  The  combatant  who  is  skilled  in  asymmetric  conflict  finds  the 
adversary’s  weakness  and  leverages  it  into  overpowering  strength.  That  weakness  can  be 

2  From  transcript  of  a  recording  that  was  broadcast  worldwide  on  January  16,  2006. 

3  The  9/11  Commission  Report,  323. 


3 


physical,  such  as  an  insufficiently  protected  asset,  or  it  can  be  cognitive,  such  as  an 
insufficient  understanding  or  an  incorrect  assumption.  The  attacks  of  9/1 1  exploited  both 
types  of  weakness. 

After  the  end  of  the  Cold  War,  and  especially  since  9/11,  “[t]he  threat 
environment  expanded  from  a  strategic,  nuclear,  symmetric  threat  from  bombers, 
intercontinental  ballistic  missiles,  and  air-  or  sea-launched  cruise  missiles  to  a  continuing 
symmetric  threat,  and  an  emergent  asymmetric  threat,  which  was  focused  across  all 
domains,  borders,  and  agencies.”4 

The  above  description  is  particularly  useful  since  it  reminds  us  that  the  threat 
environment  has  expanded,  and  not  merely  shifted  from  one  type  of  threat  to  another. 
The  threat  of  traditional,  symmetric,  nation-against-nation  warfare  might  not  seem 
imminent  since  9/11,  but  it  has  never  gone  away. 

In  the  old  era  of  worrying  predominantly  about  symmetric  threats,  our  satellites 
and  spy  planes  produced  images  that  enabled  analysts  to  count  aircraft  and  troops,  to  find 
out  which  military  and  industrial  assets  were  being  moved  or  changed,  and  where  new 
factories  were  being  built.  The  domains  and  activities  of  our  Cold  War  opponents  were 
so  sprawling  and  slow  moving  that  we  were  able  to  maintain  a  reasonable  flow  of 
information  about  our  adversary’s  strengths  and  intentions  through  technical  means, 
informants  and  our  own  spies.  Such  is  not  the  case  in  the  new  threat  environment. 


C.  THE  “LOW  SIGNATURE”  ADVERSARY 

The  most  immediate  threat  to  the  homeland  is  the  low-signature  adversary.  That 
is,  the  terrorist  who  blends  in  so  well  with  the  population  he  or  she  plans  to  attack,  that 
there  are  few,  if  any,  opportunities  for  the  intended  victim  to  get  indications  or  warnings 
before  an  attack.  Many  of  the  terrorist’s  preparations  would  be  considered  legal  and 
perfectly  normal  to  an  observer.  Is  the  person  who  is  photographing  the  Golden  Gate 
Bridge  a  tourist  or  a  terrorist?  Is  the  person  who  is  purchasing  chemicals  at  the  farm 
supply  store  planning  to  feed  thousands  or  poison  them?  Intentions  make  all  the 

4  Joseph  R.  Inge  and  Eric  A.  Findley,  "North  American  Defense  and  Security  after  9/11,"  JFQ,  no.  40 
(First  quarter  2006):  24-25. 
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difference,  yet  intentions  rarely  announce  themselves  in  advance,  nor  do  they  leave  much 
of  a  paper  trail.  Today’s  terrorist  is  not  simply  willing,  but  often  is  planning  to  die  in  the 
process  of  carrying  out  an  attack,  a  characteristic  that  is  very  much  unlike  traditional, 
symmetric  threats.  Terrorists  are  determined,  innovative  and  able  to  carry  out 
coordinated  attacks  against  multiple  targets.  In  some  cases,  the  volunteer  who  will 
become  the  next  suicide  bomber  might  not  be  selected  until  the  day  of  the  bombing, 
making  it  virtually  impossible  to  know  in  advance  about  planned  terrorist  operations. 

Ambassador  Henry  Crumpton,  the  Department  of  State’s  Coordinator  for 
Counterterrorism,  describes  this  enemy  as  transformative,  and  the  new  battlefield  as 
global  and  rapidly  evolving.  He  told  Congress  that  this  new  enemy  is  becoming 
increasingly  lethal  as  they  learn  to  deploy  in  smaller  numbers,  or  perhaps  even  operate 
remotely.  This  enemy  sees  the  war  in  Iraq  as  both  a  training  center  and  an  indoctrination 
center  for  extremists  from  around  the  world.  This  enemy  wants  not  only  to  defeat  the 
coalition  that  invaded  Iraq,  but  they  want  to  defeat  the  very  idea  of  democracy  in  the 
Middle  East.5 

This  adversary  perfects  his  deadly  skill  by  participating  in,  or  at  least  learning 
from,  the  insurgency  operations  in  Afghanistan  and  Iraq.  In  fact,  those  operations  have 
been  characterized  as  the  most  effective  training  ground  for  terrorists.  Those  who  survive 
their  insurgency  operations  have  become  skilled,  combat-hardened  veterans  who  may 
then  train  others  and  export  their  terror  to  other  countries. 


D.  RETHINKING  INTELLIGENCE 

Ephraim  Kam,  reflecting  on  the  phenomenon  of  surprise  attacks,  wrote,  “History 
does  not  encourage  potential  victims  of  surprise  attack.  One  can  only  hope  to  reduce  the 
severity  -  to  be  only  partly  surprised,  to  issue  clearer  and  more  timely  warnings,  to  gain  a 
few  days  for  better  preparations  -  and  to  be  more  adequately  prepared  to  minimize  the 


5  Henry  A.  Crumpton,  "U.S.  Counterterrorism  Strategy  Update,"  in  House  International  Relations 
Committee  Subcommittee  on  International  Terrorism  and  Nonproliferation  held  in  Washington,  D.C., 
October  27,  2005,  U.S.  House  of  Representatives.  Available  [online]: 
http://usinfo.state.gov/is/Archive/2005/Oct/28-580190.html.  (accessed  January  26,  2006). 
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damage  once  a  surprise  attack  occurs.”6  In  a  similar  vein,  the  respected  analyst  of  the 
Pearl  Harbor  attack,  Roberta  Wohlstetter,  wrote,  “It  would  be  reassuring  to  believe  that 
Pearl  Harbor  was  just  a  colossal  and  extraordinary  blunder.  What  is  disquieting  is  that  it 
was  a  supremely  ordinary  blunder.”7 

History  tells  us  that  anticipating  surprise  attacks,  even  major  attacks  from  a 
symmetric  adversary  who  has  thousands  of  aircraft,  tanks  and  combatants,  is  difficult  to 
do.  Since  there  is  so  much  evidence  to  substantiate  the  difficulty  of  this  problem  when 
faced  with  a  large-scale  attack,  we  should  not  be  surprised  that  it  is  virtually  impossible 
to  get  advance  warning  of  a  low-signature  terrorist  attack.  Of  what  use,  then,  is 
intelligence  information  in  this  new  era? 

We  must  rethink  how  we  use  intelligence  in  the  post-9/11  era.  Although  we 
should  not  give  up  trying  to  develop  our  intelligence  capabilities  and  sources  to  the  point 
that  they  can  provide  us  with  good  indications  and  warnings,  we  must  never  presume  that 
those  resources  will  ever  be  able  to  tell  us  the  day  and  hour  of  an  impending  attack 
beforehand.  Instead,  we  must  put  most  of  our  intelligence  efforts  and  expectations  into 
helping  us  understand  our  enemy,  into  helping  us  know  how  an  attack  is  likely  to  occur 
so  we  can  take  measures  now  to  harden  targets  against  such  attacks.  We  must  also  ensure 
that  intelligence  and  threat  information  is  disseminated  as  widely  as  possible  so  that 
many  people  can  be  working  together  to  think  of  efficient  ways  to  harden  our  critical 
infrastructure  and  protect  our  citizens. 


6  Ephraim  Kam,  Surprise  Attack:  The  Victim's  Perspective  (Cambridge,  MA:  Harvard  University 
Press,  1988),  233. 

7  Roberta  Wohlstetter,  Pearl  Harbor:  Warning  and  Decision  (Stanford,  CA:  Stanford  University  Press, 
1962),  vii. 
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III.  PLANNING  TO  PLAN 


The  Allegan  County  Board  of  Commissioners  has  a  plan.  That  plan  is  to 
develop  a  plan  that  will  help  them  plan  out  their  long-term  strategic 
planning. 8 


A.  CHALLENGES  FOR  DEFENSE  AND  SECURITY  PLANNING 

Any  plan  worth  using  is  challenging  to  create.  One  reason  good  planning  is  hard 
to  do  is  that  planning  involves  contingencies  that  cannot  be  precisely  defined,  and  it  is 
hard  to  make  a  case  for  significant  allocation  of  resources  against  “soft”  contingencies. 
The  need  for  a  new  method  of  defense  planning  became  clear  at  the  end  of  the  Cold  War, 
when  the  United  States  no  longer  needed  to  maintain  a  force  structure  that  was  designed 
primarily  to  fight  a  war  against  one  or  two  nation-states.  The  system  that  has  evolved 
since  2001  is  applicable,  with  appropriate  modifications,  to  homeland  security. 


B.  THE  RISE  OF  CAPABILITIES-BASED  PLANNING 

A  system  called  Capabilities-Based  Planning  (CBP)  was  officially  embraced  by 
the  DoD  in  its  2001  Quadrennial  Defense  Review.9  CBP  has  been  defined  as  “planning, 
under  uncertainty,  to  provide  capabilities  suitable  for  a  wide  range  of  modern-day 
challenges  and  circumstances  while  working  within  an  economic  framework  that 
necessitates  choice.”10  This  definition,  has  been  adopted  for  use  in  Department  of 
Homeland  Security  policy,  and  can  be  dissected  into  three  basic  elements:  (1) 
uncertainty,  (2)  preparation  for  a  wide  range  of  challenges,  and  (3)  an  economic 
framework  that  necessitates  choice.  An  examination  of  those  elements  reveals  that  CBP 
is  not  a  radically  new  concept.  Each  of  those  elements  has  been  present  in  earlier  forms 
of  defense  planning,  usually  referred  to  as  threat-based  or  scenario-based  planning.  The 


8  Regan  Foster,  Holland  Sentinel,  July  2,  2004. 

9  The  timing  of  the  QDR  might  lead  one  to  the  conclusion  that  it  was  a  reaction  to  the  terrorist  attacks 
of  9/1 1.  In  fact,  the  QDR  report  was  almost  ready  for  final  publication  on  9/1 1,  and  was  officially  released 
less  than  three  weeks  later,  on  September  30,  2001. 

10  Paul  K.  Davis,  Analytic  Architecture  for  Capabilities-Based  Planning,  Mission-System  Analysis  and 
Transformation  (Washington,  D.C.:  RAND  National  Defense  Research  Institute,  2002),  1. 
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distinction  lies  in  the  emphasis  placed  upon  the  first  two  elements  of  the  definition, 
namely,  uncertainty  and  the  wide  range  of  challenges.  The  reasons  for  these  new 
emphases  are  described  below. 

1.  From  Relative  Certainty  To  Uncertainty 

Defense  planning  during  and  immediately  following  the  Cold  War  focused 
primarily  on  the  few  worst-case  scenarios  that  could  be  directed  at  us  by  more-or-less 
symmetric  adversaries.  The  prevailing  view  was  that  as  long  as  our  plans  and  capabilities 
were  sufficient  to  defend  against  those  worst-case  threats  or  scenarios,  then  we  could 
have  a  reasonable  level  of  assurance  that  our  capabilities  would  be  adequate  protection 
against  lesser  threats,  even  if  those  threats  had  not  been  envisioned  by  the  planners. 

The  Cold  War,  Soviet-centric  threat  was  risk- averse  and  had  no  interest  in  putting 
the  doctrine  of  Mutually  Assured  Destruction  to  the  test.  We  understood  the  Soviet 
Union  and  its  plans  for  war  reasonably  well;  well  enough,  at  least,  to  have  a  reasonable 
expectation  of  getting  some  measure  of  warning  of  an  impending  attack.  The  terrorist 
threat,  according  to  Paul  K.  Davis,  is  much  worse.  “Although  the  forces  involved  are 
small,  they  are  in  nearly  all  other  respects  more  troublesome:  They  have  positive 
incentives  (even  if  bizarre  by  our  reasoning)  to  use  WMD,  their  tactics  are  unpredictable, 
and  so  on.”11 

2.  From  Relatively  Limited,  To  Virtually  Unlimited,  Challenges 

In  the  above  quotation,  Davis  described  the  terrorists  as  having  and  using 
unpredictable  incentives  and  tactics,  even  to  the  point  of  desiring  to  use  weapons  of  mass 
destruction.  On  September  11,  2001,  the  North  American  Aerospace  Defense  forces 
were  prepared  for  an  invasion  by  foreign  combat  aircraft,  but  those  forces  were  not 
prepared  for  a  tactic  as  unpredictable  as  using  domestic,  commercial  airliners  as  guided 
missiles.  Terrorist  leaders  have  made  no  secret  about  their  desire,  and  their  religious 
justifications  and  clerical  authorizations,  for  using  all  possible  means,  including  nuclear 
weapons,  to  destroy  those  who  are  not  faithful  to  their  radical  brand  of  religion.  Since 
many  of  those  who  threaten  us  are  non-state  actors,  they  have  very  little  to  lose.  Even 
their  own  lives  are  of  little  value  to  them,  compared  to  the  benefits  of  paradise  which  they 
expect  to  receive  as  a  result  of  their  destructive  actions.  This  kind  of  threat  opens  up  an 

1 1  Davis,  Analytic  Architecture  for  Capabilities-Based  Planning,  17-18. 
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entirely  new  and  seemingly  endless  list  of  potential  attack  inodes  for  which  we  must 
prepare  and  against  which  we  must  defend.  The  Departments  of  Defense  and  Homeland 
Security  may  not  rely  simply  on  defending  against  one  threat  group  or  one  scenario. 

As  a  result  of  this  expansion  of  the  threat,  the  focus  of  the  Department  of  Defense 
has  now  moved  into  the  realm  of  acquiring  capabilities  to  enable  the  delivery  of  “effects” 
according  to  four  standards:12 

•  Scale  (size,  intensity) 

•  Temporal  aspects  (latency,  duration,  time -phased  application) 

•  Observability  aspects  (detection,  attribution) 

•  Spatial  aspects  (distance,  area) 

This  new  capabilities-based  focus  is  intended  to  provide  flexibility  to  address 
known  threats  as  well  as  those  for  which  no  explicit  plans  have  been  developed. 


C.  HOW  MUCH  IS  ENOUGH?  -  PART  I 

Despite  the  rapid  adoption  of  CBP  in  the  Departments  of  Defense  and  Homeland 
Security,  the  process  is  not  without  its  detractors.  One  particularly  critical  paper  on  the 
subject  expressed  concern  that  CBP,  at  least  as  it  was  initially  planned  for 
implementation  by  the  Bush  administration,  would  disconnect  requirements  from 
resources  and  make  it  very  difficult  for  the  military  services  to  know  when  they  have 
succeeded  in  doing  enough. 

Pure  capabilities-based  planning  would  be  like  outfitting  a  toolbox  with 
the  latest,  most  desirable  items  for  supporting  the  military  strategy.  But 
how  big  of  a  toolbox  should  you  build?  How  many  of  each  tool  do  you 
need?  How  many  of  these  tools  need  external  support  in  getting  to  the  job 
at  hand?  How  do  you  judge  along  the  way  if  you  are  meeting  defense 
objectives  if  there  exists  no  metric  against  which  to  measure  progress? 
Planning  in  such  a  vacuum  does  not  allow  an  honest,  accurate  assessment 
of  true  military  force  requirements  when  no  benchmark  conflicts  are 
offered.  Military  services  attempting  to  support  such  a  plan  will  find  it 


12  Ryan  Henry,  "Defense  Transformation  and  the  2005  Quadrennial  Defense  Review,"  Parameters  35, 
no.  4  (Winter  2005-06):  12. 
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difficult  to  budget  for  unknown  quantities  of  capabilities,  potentially 
resulting  in  service  rivalries  that  could  easily  drive  resource  requirements 
beyond  reach.13 

This  author  concluded  that  CBP,  more  so  than  older  defense  planning 
methodologies,  is  particularly  unhelpful  in  defining  how  much  capability  is  enough. 

Davis  helps  to  answer  this  question  by  pointing  out  that  CBP  needs  to  determine 
not  only  what  needs  to  be  done,  but  also  how  quickly  it  needs  to  be  done.14  Quickness,  in 
this  case,  may  be  measured  either  in  time  or  distance;  for  example,  a  requirement  to  halt 
an  advancing  adversary  (the  what)  within  24  hours  or  within  50  miles  (how  quickly).  A 
simple  example  helps  illustrate  Davis’  point.  If  the  healthcare  industry  in  a  fictitious 
nation  were  to  use  a  centralized  CBP  approach,  the  planners  might  wonder  how  many 
ambulances  the  country  would  need.  No  one  would  argue  that  ambulances  were  an 
essential  capability  for  the  healthcare  “toolbox,”  but  they  might  argue  about  how  many 
were  needed.  In  this  case,  the  primary  metric  for  this  decision  would  be  the  maximum 
number  of  minutes  allowable  from  the  time  an  ambulance  is  dispatched  until  it  arrives  on 
the  scene.  That  metric  would  not  be  strongly  dependent  upon  any  particular  scenario, 
other  than  allowing  for  normal  traffic  delays.  A  second  metric  would  be  an  estimate  of 
how  many  ambulances  might  need  to  be  dispatched  simultaneously  from  a  given  staging 
point,  based  upon  population  density  in  that  particular  area.  This  metric  might  be  much 
more  scenario-dependent,  and  would  have  to  be  carefully  thought  out  based  upon 
estimated  likelihood  of  potential  mass-casualty  incidents  such  as  natural  disasters,  large 
fires  or  accidents,  or  large-scale  terrorist  attacks.  Defining  how  quickly  effects  must  be 
delivered  helps  to  answer  what  kinds  of  capabilities  are  needed,  and  how  much  of  each 
kind.  In  other  words,  the  required  tempo  of  “effects  delivery”  -  whether  those  effects  are 
delivered  by  an  ambulance  crew  or  combat  air  support  -  helps  answer  the  question  of 
how  much  is  enough.  This  question  will  be  discussed  further  in  Chapter  6,  A  Model  for 
the  Future.  The  next  chapter  will  show  that  establishing  and  maintaining  another  kind  of 
tempo  in  the  months  and  years  before  an  attack  is  just  as  important  to  preparedness  as  is 
the  tempo  of  effects  delivery  during  the  response  and  recovery  phases. 

13  Jeffrey  B.  Kendall,  Capabilities-Based  Planning:  The  Myth  (National  Defense  University,  National 
War  College,  2002),  5. 

14  Davis,  Analytic  Architecture  for  Capabilities-Based  Planning,  xxii,  32. 
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IV.  TEMPO  -  USING  TIME  AS  A  TOOL  OF  STRATEGY 


This  day  ordinary  Americans  took  extraordinary  steps  to  help  their  fellow 
Americans  and  by  doing  so  gave  the  greatest  sacrifice.15 


A.  THE  MOST  IMPORTANT  CAPABILITY 

Effective  planning  for  preparedness  in  today’s  threat  environment  must  be  treated 
as  an  essential  capability.  In  their  draft  National  Preparedness  Goal,  DHS  has  stressed 
the  importance  of  planning  with  these  words:  “Planning  is  the  foundation  on  which  all 
other  capabilities  are  developed  and  enhanced,  and  is  essential  to  their  successful 
achievement.”16  Planning  for  homeland  defense  and  homeland  security  should  be 
thought  of  as  a  technological  capability  that  must  be  developed  and  kept  current.  We 
must  never  assume  that  today’s  planning  technology  will  be  adequate  for  tomorrow’s 
threats. 

The  previous  chapter  described  the  shift  from  threat-  and  scenario-based  planning 
to  the  capabilities  based  planning  approach  now  being  used  by  the  Departments  of 
Defense  and  Homeland  Security.  Critical  Infrastructure  Protection  (CIP)  analysts  must 
be  mindful  of  more  than  just  their  planning  methodology,  however.  They  also  must  be 
aware  of  their  planning  tempo.  Military  planners  are  familiar  with  the  concepts 
associated  with  the  tempo  of  combat;  concepts  which  include  things  such  as  the  intensity 
of  combat,  the  frequency  and  duration  of  effects  delivery,  the  rate  of  resupply  -  in 
general,  the  overall  intensity  and  rate  at  which  events  unfold  during  combat.  Combat 
tempo  is  designed  to  put  the  enemy  off  balance  and  keep  him  always  in  a  reactive  mode. 
Cold  War  planners  were  relatively  safe  in  maintaining  a  steady  and  more  or  less 
symmetric  planning  tempo  on  both  sides  of  the  conflict.  It  was  much  easier  for  Cold  War 
opponents  to  keep  an  eye  on  each  other,  knowing  that  any  worrisome  upgrade  to  military 
capabilities  would  take  years  to  accomplish  and  would  be  accompanied  by  many 


15  From  Angels  of  Freedom  plaque,  Flight  93  Crash  Site,  Shanksville,  PA. 

16  Department  of  Flomeland  Security,  Final  Draft  of  National  Preparedness  Goal  (Washington,  D.C.: 
Department  of  Flomeland  Security,  December,  2005),  87. 
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opportunities  to  discern  the  opponent’s  intentions.  Today’s  planners  must  move  beyond 
the  outdated  notion  of  a  slow-moving  and  slow-planning  adversary  if  they  are  to  avoid  a 
tempo  deficit  that  would  give  an  asymmetric  advantage  to  would-be  terrorists. 


B.  PRELUDE  TO  ACTION:  COLONEL  BOYD’S  ‘OODA  LOOP’ 

Air  Force  Colonel  John  Boyd  (1937-1997)  developed  a  useful  means  of  looking  at 
the  cycle  of  planning  and  action.  He  and  his  colleagues  prepared  a  diagram  that  is 
designed  to  help  understand  the  mental  processes  of  observation,  orientation,  decision 
and  action  that  fighter  pilots  unconsciously  go  through  multiple  times  per  second  during 
aerial  combat.  His  Observe  -  Orient  -  Decide  -  Act  diagram,  or  “OODA  Loop”  is  shown 
in  Figure  1.  The  OODA  Loop  concept  has  been  applied  to  processes  as  diverse  as 
combat  training  and  business  competition.  The  straightforward  nature  of  the  Observe  - 
Orient  -  Decide  -  Act  nomenclature  belies  the  subtlety  and  power  of  Colonel  Boyd’s 
conception,  however. 


Observe  Orient 


Decide  Act 


Figure  1 .  Colonel  John  Boyd’s  OODA  Loop 

Source:  http ://en. wikipedia. org/wiki/OOD A  loop 
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The  reason  for  the  popularity  and  broad  application  of  Colonel  Boyd’s  idea  is  not 
merely  its  somewhat  intuitive  progression  from  observation  to  orientation,  decision  and 
action,  but  because  of  the  notion  that  success  is  achieved  by  being  able  to  cycle  through 
one’s  OODA  loop  faster  and  more  effectively  than  one’s  adversary  or  competitor. 
Colonel  Boyd  believed  that  if  a  combatant  could  observe  his  adversary’s  actions  with 
sufficient  frequency  and  clarity,  with  constant  feedback  about  the  adversary’s  maneuvers 
and  counter-maneuvers,  he  would  begin  to  get  an  intuitive  sense  that  would  help  him 
anticipate  his  opponent’s  next  move.  The  pilot  who  could  achieve  this  intuitive  sense 
during  aerial  combat  would  have  an  enonnous  advantage,  even  if  his  adversary  happened 
to  be  flying  a  superior  aircraft.  This  is  not  an  attempt  to  achieve  some  sort  of  mystical 
clairvoyance,  but  rather  to  acquire,  gather  and  understand  information  at  a  rate  sufficient 
to  know  how  this  particular  adversary  operates.  This  idea  is  sometimes  referred  to  as 
“operating  inside  the  enemy’s  (competitor’s)  OODA  loop.”  Boyd’s  biographer  wrote 
that  understanding  this  process  enables  a  commander  to  compress  the  time  between 
observation  and  action,  and  to  use  this  advantage  to  confuse  the  enemy  by  acting  in  an 
unexpected  manner.  These  two  factors  -  time  compression  and  unexpected  action  -  can 
cause  confusion  and  an  inefficient  use  of  time  by  the  adversary.17 

Boyd  believed  that  some  kind  of  OODA  Loop  advantage  accounted  for  the  ten-to- 
one  kill  ratio  advantage  that  American  F-86  pilots  maintained  over  their  MiG- 15  pilot 
counterparts  during  the  Korean  war,  even  though  the  American  pilots  had  not  been 
trained  in  advanced  OODA  Loop  techniques.  The  MiG- 15  was  an  aerodynamically 
superior  aircraft,  yet  Boyd  concluded  that  two  characteristics  of  the  F-86  made  its 
superior  combat  performance  possible.  First,  the  design  of  the  F-86  cockpit  canopy 
provided  a  greater  field  of  view  than  did  the  MiG- 15  canopy.  This  canopy  gave  the 
American  pilots  more  opportunity  to  accurately  observe  and  orient  himself  during  combat 
maneuvers,  and  therefore  a  greater  opportunity  to  decide  and  act  more  effectively  and 
rapidly  so  as  to  confuse  and  outmaneuver  the  enemy  pilot.  Second,  the  hydraulic  controls 


17  Robert  Coram,  Boyd:  The  Fighter  Pilot  Who  Changed  the  Art  of  War  (Boston:  Little,  Brown  & 
Company,  2002),  336. 
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in  the  F-86  allowed  the  American  pilots  to  maneuver  faster  and  more  often  than  the  pilots 
of  the  MiG- 15  who  would  become  fatigued  trying  to  keep  up  using  flight  controls  that 
took  more  physical  energy  to  operate. 

This  powerful  concept  of  “operating  inside  the  enemy’s  OODA  loop”  is 
applicable  to  homeland  security  and  counterterrorism  planning  in  at  least  two  ways.  As 
its  name  implies,  the  “Observe”  function  in  the  OODA  loop  reveals  the  necessity  of 
maintaining  awareness  of  one’s  environment.  In  a  homeland  security  setting,  this  means 
that  CIP  planners  must  have  a  steady  stream  of  detailed  information  about  demonstrated 
terrorist  tactics  as  well  as  intelligence  about  possible  terrorist  plans.  Even  if  the 
intelligence  about  the  terrorists’  plans  is  of  undetermined  credibility,  it  still  provides  the 
analyst  with  an  increasing  sense  of  what  could  happen  in  the  future.  The  second  way  in 
which  the  OODA  loop  applies  to  counterterrorism  planning  can  be  seen  by  observing  the 
“Orient”  portion  of  the  diagram.  Orientation  is  the  filter  through  which  all  facts  and 
events  are  processed.  If  a  CIP  analyst  is  viewing  the  unfolding  environment  through  a 
faulty  orientation  filter  that  hinders  accurate  assessments  of  the  threat,  then  the  analyst 
must  engage  in  robust  collaboration  with  others  as  well  as  consume  a  steady  stream  of 
new  infonnation  to  help  overcome  that  bias.  The  more  times  an  analyst  can  cycle 
through  the  OODA  loop  -  observing  the  threat  situation,  orienting  to  new  information, 
testing  biases  and  theories,  reorienting  and  observing  again  -  the  more  likely  that  analyst 
will  be  able  to  get  an  intuitive  feel  for  the  way  the  adversary  thinks  and  plans.  This  deep 
understanding  of  the  adversary  will  help  the  analyst  anticipate  innovative  attack  scenarios 
and  then  develop  the  means  to  defend  against  those  scenarios  so  as  to  protect  the  people 
and  places  he  or  she  is  charged  to  protect. 


C.  A  TRAGIC  ILLUSTRATION 

One  of  the  clearest  illustrations  of  the  OODA  Loop  principle  occurred  on 

September  11,  2001.  The  passengers  of  each  of  the  four  hijacked  flights  were  aware  for 

many  minutes  that  their  aircraft  had  been  hijacked.  Using  the  terminology  of  Boyd’s 

diagram,  the  passengers  had  abundant  opportunity  to  observe  new  information  about 

“unfolding  circumstances”  and  were  undoubtedly  trying  to  figure  out  how  to  properly 

orient  themselves  and  their  actions  to  that  information.  In  particular,  they  were  using 
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their  experience  and  analysis/synthesis  skills  (see  inside  the  “Orient”  box  in  Figure  1)  to 
help  them  decide  what  to  do.  Their  experience  told  them  that  hijackings  had  always  been 
used  as  a  tool  to  force  a  government  to  negotiate  with  the  hijackers,  that  hijackers  were 
not  likely  to  be  suicidal,  and  the  passengers  would  be  released  after  the  hijackers  were 
reasonably  sure  their  demands  would  be  met.  Our  hindsight  tells  us  that  on  9/11, 
experience  was  a  faulty  guide  for  knowing  what  to  do  during  a  hijacking.  The  hijackers 
reinforced  this  misunderstanding  by  telling  the  passengers  that  everything  would  be  fine 
if  they  just  complied  with  orders.  The  hijackers  were  shrewdly  exploiting  an  asymmetric 
advantage  of  information,  and  had,  in  essence,  hijacked  the  passengers’  ability  to 
properly  orient  to  what  was  really  happening.  Tragically,  the  deception  was  successful 
on  three  of  the  hijacked  aircraft.  By  9:37  a.m.,  two  planes  had  crashed  into  the  World 
Trade  Center  towers  and  one  into  the  Pentagon.  That  is  when  things  began  to  change  on 
United  Flight  93,  originally  bound  for  San  Francisco,  but  later  diverted  toward  our 
nation’s  capitol.  As  telephone  conversations  between  Flight  93  passengers  and  observers 
on  the  ground  began  to  bring  fresh  information  about  unfolding  circumstances,  the 
passengers  were  gaining  better  “visibility”  of  what  was  really  going  on.  This  new 
information  enabled  them  to  overcome  the  incorrect  biases  caused  by  their  accurate 
recollections  of  previous  hijackings.  The  passengers’  newly  corrected  orientation 
allowed  them  to  adjust  their  decisions  and  their  actions.  They  began  a  counterattack 
against  the  hijackers  in  the  cockpit  at  9:57  a.m.,  approximately  29  minutes  after  the 
hijacking  began.  The  hijackers,  realizing  they  could  not  make  it  to  their  intended 
destination,  crashed  the  plane  into  an  open  field  near  Shanksville,  Pennsylvania  at  10:02 
a.m.  The  passengers’  adjusted  orientation  and  corresponding  actions  enabled  them  to 
bravely  protect  the  lives  of  an  unknown  number  of  people  who  would  have  died  minutes 
later  in  Washington,  D.C. 

Meanwhile,  “orientation  filters”  were  being  recalibrated  at  FAA  headquarters  as 
well.  For  more  than  two  years,  since  August,  1999,  the  FAA  intelligence  office  had 
thought  about  the  possibility  of  a  suicide  hijacking  but  considered  it  unlikely.  On  this 
misunderstanding,  the  9/11  Commission  wrote: 
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The  FAA  analysts  judged  [a  suicide  hijacking]  unlikely,  because  ‘it  does 
not  offer  an  opportunity  for  dialogue  to  achieve  the  key  goal  of  obtaining 
Rahman  and  other  key  captive  extremists.  ...  A  suicide  hijacking  is 
assessed  to  be  an  option  of  last  resort.  ’  Analysts  could  have  shed  some 
light  on  what  kind  of  ‘opportunity  for  dialogue’  al  Qaeda  desired.  The 
CIA  did  not  write  any  analytical  assessments  of  possible  hijacking 
scenarios.18 

The  FAA  analysts  had  assumed,  based  upon  their  accurate  recollections  of  past 
hijackings,  that  any  hijacking  by  terrorists  would  be  for  the  purpose  of  negotiation  (for 
Sheik  Rahman’s  release  from  prison,  for  example).  If  those  analysts  had  been  aware  of, 
and  heeded,  the  CIA’s  intelligence  reporting,  they  would  have  known  that  al  Qaeda  was 
more  interested  in  killing  Americans  than  in  negotiating  with  them.  This  fact  is  painfully 
obvious  to  us  now,  but  it  was  less  so  before  9/11.  A  clear  understanding  of  al  Qaeda’s 
intentions  might  have  motivated  the  FAA  to  increase  aviation  security  as  a  deterrence 
measure  against  all  hijackings,  regardless  of  the  motivation  behind  the  hijackings. 

The  testimony  of  Richard  Clarke  before  the  9/11  Commission  reveals  why  the 
facts  that  are  so  obvious  to  us  now  were  not  so  obvious  before  September  11,  2001.  Mr. 
Clarke,  the  National  Counterterrorism  Coordinator  from  1997  through  2001,  told  the 
Commission  that  the  warning  about  the  possibility  of  a  suicide  hijacking  would  have 
been  just  one  more  speculative  theory  among  many,  hard  to  spot  since  the  volume  of 
warnings  of  “al  Qaeda  threats  and  other  terrorist  threats,  was  in  the  tens  of  thousands  - 
probably  hundreds  of  thousands.”19  Mr.  Clarke’s  statement  suggests  that  too  few  people 
had  access  to  enough  of  the  facts  to  enable  a  process  of  sorting  through  the  “speculative 
theories”  and  prioritizing  them  for  actions  as  simple  as  hardening  cockpit  doors. 

The  events  of  9/1 1  demonstrate  the  value  of  information  sharing  for  CIP  analysts; 
specifically  the  value  of  sharing  infonnation  about  new  tactics  being  used  by  terrorists 
and  insurgents  as  well  as  information  about  what  the  terrorists  might  be  thinking  about 
doing  in  the  future.  The  information  must  be  sufficiently  fresh  and  unprocessed  to 
contain  the  subtleties  analysts  need  if  they  are  to  understand  and  overcome  their  own 


18  The  9/11  Commission  Report,  345. 

19  The  9/11  Commission  Report,  345. 
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biases,  continuously  test  their  own  theories  and  adjust  them  as  needed.  Collaboration 
with  other  CIP  analysts  and  with  experts  in  areas  such  as  intelligence  will  help  identify 
biases  and  blind  spots. 

Homeland  security  planners  are  defending  against  a  sophisticated  foe.  The  daily 
news  from  Afghanistan  and  Iraq  continues  to  reveal  the  insurgent’s  effective  use  of  agile 
planning,  effective  observation,  and  skilled  refinement  of  tactics.  CIP  analysts  put 
themselves  at  a  disadvantage  when  they  try  to  respond  to  a  high-speed,  well-informed 
adversary  with  sluggish  planning  and  outdated  presumptions  that  remain  unchallenged. 
Allowing  one’s  enemy  to  gain  an  asymmetric  advantage  in  the  areas  of  infonnation, 
planning  and  preparedness  is  to  increase  the  probability  of  being  surprised  by  -  and 
unprepared  for  -  the  next  attack. 
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V.  IT  TAKES  A  NETWORK 


Whoever  masters  the  network  form  first  and  best  will  gain  major 
advantages.20 


A.  TERRORIST  NETWORKS 

The  most  basic  definition  of  a  network  is  a  collection  of  nodes  and  links  that 
connect  pairs  of  nodes.21  Nodes  can  be  almost  anything,  from  people  or  computers  to 
cities  or  railway  terminals.  The  variety  of  links  can  be  just  as  diverse,  including  such 
things  as  transmission  lines,  roadways  and  railroad  tracks. 

The  radical  Islamist  terrorist  coalition  has  been  described,  studied  and  analyzed  as 
a  network.  Marc  Sageman  describes  how  network  analysis  can  be  used  to  design  a 
strategy  for  dealing  with  terrorists.  He  uses  the  technical  tenn  “scale  free  network”  to 
describe  the  particular  characteristics  of  the  jihadist  organization,  and  then  points  out  the 
strengths,  weaknesses  and  potential  strategies  associated  with  this  type  of  network: 

This  type  of  network  is  robust  and  resists  random  attack.  Stopping 
terrorists  randomly  at  our  borders  will  not  affect  its  structure.  It  may  stop 
terrorists  from  coming  here,  but  will  leave  the  network  undisturbed. 
However,  it  is  vulnerable  to  targeted  attack,  namely  against  its  hubs.  If  the 
hubs  are  destroyed,  the  system  breaks  down  into  isolated  nodes.  The  jihad 
will  be  incapable  of  mounting  sophisticated  large  scale  operations  like  the 
9/11  attacks  and  be  reduced  to  small  attacks  by  singletons.  It  is  of  course 
possible  for  such  nodes  to  try  to  become  hubs  and  create  their  own  little 
networks.  Ahmed  Ressam  tried  to  recruit  new  untrained  collaborators  in 
the  Millennial  Plot  after  his  original  co-conspirators  were  unable  to  travel 
to  Canada.  But  such  operations  have  not  generally  been  successful.  The 
hubs  are  vulnerable  because  most  communications  go  through  them.  By 
following  communications  back  to  them,  good  police  work  would  be  able 
to  identify  and  arrest  these  human  hubs.  This  strategy  has  already  shown 
considerable  success.22 


211  John  Arquila,  David  Ronfeldt,  and  Michele  Zanini,  "Networks,  Netwar  and  Information-Age 
Terrorism,"  in  Countering  the  New  Terrorism,  ed.  RAND  National  Defense  Research  Institute 
(Washington,  D.C.:  RAND,  1999),  55. 

21  Ted  G.  Lewis,  "Critical  Infrastructure  Protection  in  Homeland  Security:  Defending  a  Networked 
Nation"  (unpublished  manuscript,  Naval  Postgraduate  School,  Monterey,  California,  2004). 

22  From  a  presentation  entitled  “Global  Salafi  Jihad”  given  by  Dr.  Marc  Sageman  to  the  Department  of 
Energy,  Pantex  Plant,  Amarillo,  TX,  May  17,  2004. 
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This  description  of  the  jihadist  network  begins  to  suggest  that  our  strategies  to 
defend  against  it  and  defeat  it  require  a  new  kind  of  thinking  and  planning. 


B.  RESILIENCY  OF  NETWORKS 

Dr.  Sageman’s  description  of  the  global  terrorist  network,  of  which  al  Qaeda  is 
only  a  small  part,  indicates  that  individual  terrorists  may  be  removed  without  seriously 
hanning  the  overall  network.  He  also  points  out  that  scale  free  networks  are  vulnerable 
to  attacks  against  their  hubs.  Hubs  are  nodes  -  people  in  this  case  -  who  are  more  highly 
connected  than  most  other  people  in  the  network.  These  nodes  represent  the  terrorist 
leaders.  Sageman  suggests  that  if  terrorist  leaders  are  eliminated,  this  will  have  the  effect 
of  breaking  the  overall  network  down  into  a  set  of  smaller  subnetworks  which  would  be 
unlikely  to  have  the  resources  to  coordinate  and  execute  major  terrorist  attacks.  It  is 
possible  that  the  Global  War  on  Terrorism  led  by  the  United  States  has  had  this  effect  on 
al  Qaeda,  at  least  temporarily,  and  that  is  why  there  have  been  no  major  attacks  against 
our  homeland  since  9/11.  The  insurgencies  in  Afghanistan  and  Iraq  have  shown, 
however,  that  numerous  smaller  attacks  may  be  sustained  in  spite  of  the  disruption  caused 
by  the  loss  of  key  terrorist  leaders. 

Networks,  by  nature,  are  strongly  decentralized.  In  a  twist  of  irony,  al  Qaeda’s 
strong  commitment  to  operations  security  might  have  harmed  their  ability  to  coordinate 
large  attacks.  Sageman  suggests  that  al  Qaeda’s  penchant  for  security  causes  them  to  act 
more  like  a  hierarchy  than  a  network  in  some  ways.  In  particular,  their  tight  security 
procedures  force  them  to  rely  too  heavily  on  their  vertical,  leader-to-subordinate, 
communication  links.  Such  heavy  dependence  upon  those  links  makes  them  more 
vulnerable  to  discovery,  interception  and  destruction,  and  it  prevents  the  extended 
network  from  having  enough  links  to  achieve  maximum  success  in  field  operations.  In 
fact,  Sageman  goes  so  far  as  to  say  that  the  field  successes  that  al  Qaeda  has  achieved 
was  largely  due  to  individual  terrorists  violating  their  own  rules  of  tradecraft.23  If  this  is 
true,  it  would  be  worth  further  study  to  see  whether  eliminating  leadership  “hubs”  from  a 
hybrid  hierarchy/network  has  the  unexpected  effect  of  increasing  the  effectiveness  of  the 
remaining  terrorists  by  forcing  them  to  operate  in  a  more  agile,  network-like  manner. 

23  Sageman,  “Global  Salafi  Jihad”  presentation. 
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C.  NETWORK  VS.  NETWORK 

Network  analysts  who  apply  their  techniques  to  the  study  of  terrorist 
organizations  often  say  that  it  takes  a  network  to  fight  a  network  because  a  hierarchical 
command  structure  is  at  a  disadvantage  when  trying  to  oppose  a  networked  structure.24 
The  reason  for  this  is  that  the  nodes  (people)  in  a  networked  organization  are  much  more 
highly  connected  to  other  nodes  than  are  those  in  a  typical  hierarchical  structure.  Using 
the  terminology  from  Boyd’s  OODA  diagram  in  chapter  4,  we  would  say  that  the  people 
in  a  networked  organization  have  better  situational  awareness,  or  more  opportunity  to 
“observe,”  because  they  have  more  links  from  which  to  gather  new  information,  and  the 
information  they  get  is  disseminated  more  rapidly.  They  are  correspondingly  better  able 
to  “orient”  to  the  new  information  because  of  the  greater  opportunities  for  collaboration 
and  interaction  with  people  with  diverse  expertise  and  experience.  All  of  these  features 
give  the  networked  organization  the  ability  to  plan,  communicate  and  move  resources 
much  more  quickly  than  they  would  if  all  information  and  resources  were  passed  to,  then 
distributed  piecemeal  from,  a  distant  centralized  command  headquarters.  Arquila,  et  al., 
cite  criminal  organizations,  Colombian  drug  cartels,  persistent  religious  movements  in 
Algeria  and  the  Zapatista  movement  in  Mexico  as  examples  of  the  ability  of  relatively 
small  networked  organizations  to  continually  frustrate  the  larger  hierarchical  government 
structures  that  attempt  to  suppress  or  eliminate  them.  They  suggest  that  governments 
must  adopt  the  same  network  design  principles  as  their  adversaries,  particularly  a 
“willingness  to  innovate  organizationally  and  doctrinally,  and  by  building  new 
mechanisms  for  interagency  and  multijurisdictional  cooperation.”25 


D.  ADVANTAGES  OF  A  NETWORK 

When  it  comes  to  planning  for  preparedness,  a  networked  organization  has  several 
advantages  over  a  hierarchical,  bureaucratic  organization.  The  following  paragraphs 
describe  some  of  those  advantage-producing  characteristics  and  why  they  are  useful  in 
today’s  CIP  organizations. 


24  Lewis,  "Critical  Infrastructure  Protection  in  Homeland  Security” 

25  Arquila,  et  al..  Countering  the  New  Terrorism,  55. 
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1.  Interconnectedness 

Interconnectedness,  in  this  context,  is  an  expression  of  the  need  to  maximize  the 
number  of  sources  of  relevant  information.  The  need  for  relevance  might  mean  that  some 
sources  should  be  discontinued  or  monitored  only  infrequently,  and  that  other  sources 
should  be  cultivated.  Interconnectedness  is  another  way  of  saying  “network”  except  with 
a  greater  emphasis  upon  the  flow  of  ideas  and  infonnation  between  participants. 
Interconnectedness  implies  that  participants  have  ready  access  to  much  more  infonnation 
than  that  available  from  just  their  bosses  and  immediate  co-workers.  This  access  to 
information  is  necessary,  even  if  the  participants  are  in  a  hierarchical  organization  from  a 
chain-of-command  perspective.  Interconnectedness  is  the  organizational  “highway” 
upon  which  collaborative  interactions  may  travel.  Without  it,  collaboration  is  severely 
weakened,  or  rendered  impossible. 

2.  Timeliness  Of  Information 

It  should  go  without  saying,  yet  we  dare  not  leave  it  unsaid,  that  timeliness  of 
information  is  essential  to  success.  Timeliness  of  infonnation  is  an  essential 
characteristic  for  any  organization  that  seeks  to  “operate  inside  the  enemy’s  OODA 
loop.”  For  the  passengers  of  Flight  93  on  9/1 1,  a  delay  of  just  a  few  minutes  in  receiving 
the  bias-correcting  information  about  the  hijackings  and  crashes  of  the  other  three  flights 
would  have  been  too  late.  It  is  true  that  in  the  case  of  intelligence  analysis,  there  is  a 
tradeoff  between  accuracy  and  timeliness.  The  accuracy  of  an  intelligence  report  might 
increase  if  the  analyst  is  given  more  time  to  assimilate  and  verify  infonnation  from 
multiple  sources.  Critical  infrastructure  protection  analysts  must  help  intelligence 
analysts  know  the  appropriate  balance  between  accuracy  and  timeliness.  Miller  put  it 
well  when  he  said,  “Accuracy  is  a  relative  term,  though.  If  increasing  the  accuracy  of  a 
product  causes  excessive  delays  in  getting  the  information  to  the  user,  it  simply  becomes 
highly  accurate,  but  unusable,  ‘news.’”26  The  9/11  Commission’s  final  report  showed 
clearly  that  too  much  delay  in  gathering  and  connecting  all  the  intelligence  “dots”  turned 
what  might  have  been  an  opportunity  for  prevention  into  a  major  news  event. 


26  Mark  E.  Miller,  The  Integration  of  Operations  and  Intelligence:  Getting  Information  to  the 
Warfighter  (Air  Command  and  Staff  College,  Research  Department,  1997),  11,  AU/ACSC/0362/97-03. 
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3.  Information  Sharing  Environment 

The  9/11  Commission  devoted  so  much  space  in  their  final  report  to  the 
institutionalized  withholding  of  information  inside  government  agencies  that  the  result 
should  have  been  to  embarrass  governmental  institutions  into  fixing  the  problem  as 
quickly  as  possible.  But  it  takes  work  to  make  information  sharing  happen,  especially 
when  the  old  model  of  information  ownership  fits  in  so  much  better  with  established 
modes  of  agency  and  employee  recognition. 

The  current  administration  has  taken  some  steps  to  create  a  culture  of  information 
sharing.  For  example,  through  the  Executive  Order  entitled  Further  Strengthening  the 
Sharing  of  Terrorism  Information  to  Protect  Americans,  the  President  of  the  United 
States  has  ordered  federal  agencies  to  enhance  information  sharing  through  such  actions 
as:27 

•  giving  the  highest  priority  to,  among  other  things,  the  interchange  of 
terrorism  information  among  agencies  (including  State,  local,  tribal  and 
private), 

•  promptly  giving  access  to  the  terrorism  information  to  the  head  of  each 
other  agency  that  has  counterterrorism  functions, 

•  cooperating  and  facilitating  production  of  reports  based  on  terrorism 
information,  and 

•  preparing  terrorism  information  for  maximum  distribution  (emphasis 
added). 

The  President’s  direction  addresses  interconnectedness  by  including  a  diverse 
group  of  agencies  (state,  local,  etc.)  and  by  requiring  “maximum  distribution”  of 
terrorism  information.  Such  direction  from  the  President  of  the  United  States  will,  over 
time,  ease  the  ability  of  organizations  to  establish  linkages  with  other  organizations.  This 
was  a  necessary  step  of  high-level  policy,  but  it  is  not  a  sufficient  step  for  ensuring 
adequate  infonnation  sharing  in  the  near  tenn.  The  momentum  must  be  generated  and 
sustained  through  lower  level  policies  and  procedures  that  receive  continuous 
encouragement  and  oversight  by  the  President  and  Congress. 


27  U.S.  President.  Executive  Order.  “Further  Strengthening  the  Sharing  of  Terrorism  Information  to 
Protect  Americans.”  (27  October  2005).  Available  [Online]: 

http://www.whitehouse.gov/news/releases/2005/10/print/20051025-5.html.  (accessed  February  3,  2006). 
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Other  enablers  of  information  withholding  are  more  subtle.  The  final  report  of  the 
Commission  on  the  Intelligence  Capabilities  of  the  United  States  Regarding  Weapons  of 
Mass  Destruction  (“WMD  Commission”)  revealed  some  surprising  ways  that  information 
sharing  can  be  subconsciously  hindered  by  our  rules  on  classification  and  handling  of 
sensitive  information.  For  example,  some  documents  are  stamped  with  the  caveat, 
ORCON,  meaning  “originator  controlled.”  The  WMD  Commission  said  this  caveat  gives 
the  wrong  impression  that  the  collectors  of  intelligence  “own”  the  information  and  should 
control  access  to  it.  The  WMD  Commission’s  report  to  the  President  also  cited  an 
historical  imbalance  between  protecting  sources  and  methods  and  the  appropriate 
dissemination  and  sharing  of  information.  They  called  for  all  intelligence  information  to 
be  submitted  by  the  collectors  into  an  “Information  Sharing  Environment”  that  would 
balance  protection  and  dissemination.28  These  observations  by  the  WMD  Commission 
are  infonnative,  but  they  will  not,  by  themselves,  generate  the  necessary  changes  in 
executive  agencies  without  constant  Presidential  attention. 

4.  Integration  vs.  Synchronization 

Since  9/11,  much  has  been  said  about  the  need  to  “connect  the  dots,”  referring  to 
the  need  to  get  all  the  disparate  pieces  of  intelligence  and  other  information  into  one 
place  where  analysts  can  begin  to  put  them  together  into  an  overall  picture.  Perhaps  the 
dots  that  are  in  most  need  of  being  connected  are  the  ones  within  and  between  the  myriad 
governmental  organizational  charts.  For  example,  the  diverse  elements  of  operations  and 
intelligence  are  often  seen  as  two  areas  that  need  to  be  synchronized  for  maximum 
effectiveness;  that  is,  intelligence  information  would  be  asked  for  and  provided  at  just  the 
right  time  to  support  the  operation.  But  synchronization  is  not  the  same  as  collaboration. 
One  can  envision  the  operations  expert  and  the  intelligence  analyst  each  staying  within 
the  bounds  of  their  own  organizations  and  exchanging  just  enough  information  for  the 
operation  to  succeed.  Mark  Miller  says  that  rather  than  synchronizing  them,  “we  should 
be  making  strides  to  integrate  the  two  disciplines.  ...  This  mentality  encourages 
development  of  a  team  that  will  strive  to  accomplish  a  common  goal.”29  Miller’s 
expression  of  integration  is  very  close  to  collaboration.  He  continues: 

28  The  Commission  on  the  Intelligence  Capabilities  of  the  United  States  Regarding  Weapons  of  Mass 
Destruction,  Report  to  the  President  of  the  United  States  (Washington,  D.C.,  2005),  443-444. 

29  Miller,  The  Integration  of  Operations  and  Intelligence,  2. 
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It  is  not  enough  for  the  intelligence  community  to  improve  its  support  to 
military  operations;  the  operations  community  must  do  its  part  to 
communicate  focused  requirements  that  must  be  satisfied  within  the 
intelligence  cycle.  This  can  only  be  accomplished  by  understanding  the 
capabilities  of  the  intelligence  community  as  well  as  the  limitations. 
Operators  must  make  a  dedicated  effort  to  include  their  Intel  counterparts 
in  all  aspects  of  planning  and  execution  and  stop  the  process  of  using  Intel 
to  “fill  gaps”  in  the  plan.  The  frequently  observed  “just  tell  me  what  I  need 
to  know”  attitude  must  disappear.  Only  then  will  Ops  and  Intel  be 
integrated  into  a  truly  efficient  team.30 

Intelligence  simply  must  situate  itself  within  the  operational  cycle  rather 
than  outside  it.  In  other  words,  the  intelligence  collection,  production,  and 
dissemination  cycle  must  be  compressed  so  that  it  fits  within  the 
operational  cycle  for  targeting  to  support  strike  and  restrike  operations.”31 

Miller  promotes  integration  in  his  thesis,  but  the  benefits  he  is  describing  are  the 
fruits  of  something  even  greater  than  integration,  and  that  is  collaboration,  a  subject  that 
will  be  discussed  more  thoroughly  in  the  next  chapter.  Miller’s  promotion  of  integration 
seems  to  be  based  on  the  assumption  that  integration  necessarily  leads  to  collaboration. 
In  the  dynamic  world  of  combat  operations,  this  assumption  is  very  likely  to  be  valid. 
Where  the  pace  is  markedly  more  deliberate,  however,  as  it  is  in  strategic  planning 
environments,  a  lack  of  collaboration  would  not  be  as  immediately  obvious,  and 
integration  alone  might  be  insufficient.  In  homeland  security  planning  environments 
however,  a  call  for  integration  might  lead  to  the  misunderstanding  that  only  two 
organizations  are  involved  (intelligence  and  operations,  for  example),  and  that  embedding 
one  of  them  into  the  other  would  fix  everything.  Homeland  security  planning  involves  a 
multitude  of  organizations  at  the  federal,  state  and  local  levels  of  government,  and 
collaboration  must  be  possible  even  where  integration  is  not  possible. 


30  Miller,  The  Integration  of  Operations  and  Intelligence,  3 

31  Ibid.,  12. 
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VI.  A  MODEL  FOR  PREPAREDNESS 


Surprise  ...  includes  gaps  in  intelligence,  but  also  intelligence  that,  like  a 
string  of  pearls  too  precious  to  wear,  is  too  sensitive  to  give  to  those  who 
need  it.32 

The  previous  chapters  presented  the  case  that  the  unique  nature  of  today’s  threat 
environment  must  cause  CIP  organizations  to  carefully  and  deliberately  design  their 
approaches  to  such  things  as  planning  methodology,  planning  tempo  and  willingness  to 
adopt  network-like  characteristics.  This  chapter  will  introduce  the  9/11  Commission’s 
recommended  approach  to  planning  and  intelligence  collection,  and  will  present  the  case 
that  effective  collaboration  is  needed  to  pull  these  other  elements  together  in  a  coherent 
and  effective  way. 


A.  COLLABORATION:  THE  ESSENTIAL  ELEMENT  OF  PREPAREDNESS 

The  concept  of  collaboration  has  been  mentioned  several  times  in  the  preceding 
pages,  and  this  section  will  expand  upon  the  definition  and  benefits  of  collaboration. 
William  Pelfrey  reports  that  collaboration  has  been  called  “ the  most  essential  element  in 
the  cycle  of  preparedness ,”33  The  following  example  of  pre-9/11  interactions  at  the 
highest  level  of  government  will  prepare  the  way  for  an  examination  of  this  bold 
assertion  that  collaboration  is  the  most  essential  element  in  the  context  of  preparedness. 

Just  one  week  before  the  9/11  terrorist  attacks,  National  Counterterrorism 
Coordinator,  Richard  Clarke,  wrote  a  memo  to  the  National  Security  Advisor  in  which  he 
presented  the  view  that  al  Qaeda  was  a  nuisance  that  killed  a  few  Americans  every  1 8  to 
24  months.  Another  school  of  thought  viewed  al  Qaeda  as  the  “point  of  the  spear  of 
radical  Islam.”  The  9/11  Commission  criticized  the  government  for  not  forcing  this 
argument  into  the  open  and  letting  those  with  diverse  opinions  enter  into  a  debate  on  this 
subject.34  Instead,  each  person  or  small  group  held  their  opinions  in  a  vacuum,  and  the 

debate  about  the  extent  of  the  al  Qaeda  threat  did  not  rise  to  a  level  that  would  have 

3-  Wohlstetter,  Pearl  Harbor,  viii. 

33  William  V.  Pelfrey,  "The  Cycle  of  Preparedness:  Establishing  a  Framework  to  Prepare  for  Terrorist 
Threats,"  Journal  of  Homeland  Security’  and  Emergency  Management  2,  no.  1  (2005):  8. 

34  The  9/11  Commission  Report,  343. 
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required  further  exploration  or  action.  The  9/11  Commission  report  goes  into  further 
detail  about  the  White  House  meetings  and  memos  on  the  subject  of  the  threat  posed  by 
al  Qaeda.  Were  these  people  collaborating?  The  fact  that  people  are  meeting  together 
does  not  necessarily  indicate  that  collaboration  is  occurring. 

To  realize  that  the  word  is  a  combination  of  “co-“  (meaning  with  or  together)  and 
“labor”  is  to  begin  to  get  at  the  heart  of  the  power  of  collaboration.  Those  who  are 
collaborators  are  not  so  simply  because  they  have  been  directed  to  be  in  the  same  room  or 
on  the  same  conference  call  with  one  another.  Collaboration  goes  beyond  mere  physical 
or  virtual  proximity.  True  collaborators  are  “co-laborers”  with  each  other  in  practice,  not 
just  in  name.  This  idea  of  laboring  together  conveys  a  unity  of  purpose  and  an  equality  of 
rank,  at  least  in  the  sense  of  an  equal  ability  to  be  heard  and  recognized  during  debate. 
James  Surowiecki’s  book,  The  Wisdom  of  Crowds,  offers  several  compelling  examples  of 
the  value  of  collaboration  within  groups,  as  well  as  the  tragic  consequences  that  can 
occur  when  groups  merely  meet  together  but  fail  to  collaborate.  The  vital  element  that 
seems  to  determine  whether  collaboration  is  real  or  imagined  is  an  effective  means  of 
extracting  and  aggregating  the  information  of  everyone  in  the  group.  Surowiecki  claims 
that  the  intelligence  community’s  inability  or  unwillingness  to  aggregate  the  information 
and  judgments  of  everyone  who  could  have  had  some  input  to  the  pre-9/11  discussions 
was  a  vital  failure  in  preventing  the  9/11  attacks.35 

1.  The  Crucible  of  Collaboration 

If  we  juxtapose  the  preceding  discussion  about  collaboration  alongside  the 
“Orientation”  phase  of  John  Boyd’s  OODA  Loop  (Figure  1),  we  find  that  this  alignment 
highlights  one  of  the  greatest  benefits  of  a  strongly  collaborative  environment,  and  that  is 
the  opportunity  for  peers  to  hold  each  other  accountable  for  their  biases.  Biases  are 
inevitable,  but  they  are  dangerous  when  they  are  unrecognized,  denied  or  unchallenged. 
As  new  ideas  and  information  are  brought  into  view,  biases  must  be  self-challenged  and 
group-challenged.  All  participants  must  be  willing  to  discard  biases  that  cannot 
withstand  this  crucible  of  collaboration. 


35  James  Surowiecki,  The  Wisdom  of  Crowds  (New  York:  Anchor  Books,  2005),  78. 
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One  of  the  greatest  hindrances  to  collaboration  within  and  among  government 
agencies  is  the  bureaucratic  friction  that  makes  effective  collaboration  difficult  or 
impossible.  Like  the  energy-draining  controls  of  the  MiG- 15  aircraft  mentioned  in 
Chapter  4,  bureaucratic  friction  can  drain  the  energy  of  those  who  want  to  innovate  and 
collaborate,  but  find  the  friction  simply  too  powerful  to  overcome.  More  often  than  not, 
bureaucratic  friction  is  assumed  to  be  a  necessary  evil  of  government  bureaucracies.  The 
nearly  universal  understanding  of  the  equivalent  term,  “red  tape,”  reveals  the  presumed 
inevitability  of  such  friction.  A  close  examination  of  each  bit  of  friction-producing  red 
tape  reveals  the  almost  universally  benevolent  rationale  that,  perhaps  generations  ago, 
intended  to  provide  protection  against  wasteful  spending  or  violations  of  civil  rights. 
Without  tearing  down  essential  protections,  CIP  and  intelligence  organizations  must 
remove  all  hindrances  to  effective  information  sharing  and  collaboration.  Any  attempt  to 
protect  the  homeland  without  demanding  and  ensuring  effective  collaboration  within  and 
among  all  appropriate  agencies  is  to  guarantee  our  unpreparedness  for  future  attacks.  It  is 
with  good  reason  that  collaboration  -  actual  co-laboring  -  has  been  described  as  the  most 
essential  element  in  the  cycle  of  preparedness. 

B.  WHERE  THERE  IS  NO  VISION,  THE  PEOPLE  PERISH36 

There  must  be  something  deep  within  the  human  heart  that  ensures  our  immunity 
and  reflexive  resistance  to  being  ordered  to  do  the  very  things  we  most  need  to  do  to 
survive.  For  example,  statistics  and  our  own  casual  observations  reveal  just  how 
effective  are  the  frequent  exhortations  for  us  as  a  nation  to  eat  properly  and  exercise 
regularly.  Similarly,  a  mandate  for  something  as  important  as  collaboration  within  the 
homeland  security  community  might  cause  meetings  to  happen  and  money  to  be  spent, 
but  it  will  not  result  in  real  collaboration,  at  least  not  as  it  is  described  in  these  pages.  To 
try  to  force  collaboration  rather  than  engendering  a  vision  for  it  is  to  harden  the  victims  of 
the  mandate  against  the  very  idea,  evoking  the  familiar  bureaucratic  mantra  that 
“someday,  this  too  shall  pass.”  Recognizing  this  aspect  of  human  nature  is  the  first  step 
in  addressing  the  problem.  Collaboration  should  be  treated  as  a  vision  that  must  be 
caught.  We  must  be  imaginative  in  creating  the  need  and  desire  for  collaboration. 

36  Proverbs  29:18  (King  James  Version) 
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The  9/11  Commission  wrote  that  even  before  9/11  various  government  agencies 
had  considered  the  idea  of  terrorists  using  hijacked  aircraft  as  guided  missiles,  but  each 
one  discarded  it  from  further  consideration.  The  Commission  added,  “The  challenge  was 
to  flesh  out  and  test  those  scenarios,  then  figure  out  a  way  to  turn  a  scenario  into 
constructive  action.”37  The  notion  of  “fleshing  out  and  testing  scenarios”  begs  for  a 
collaborative  planning  environment.  The  idea  of  establishing  such  an  environment,  and 
using  it  in  the  manner  recommended  in  the  literature  developed  in  the  years  following 
Pearl  Harbor,  seems  to  be  the  crucial  piece  that  was  missing  from  pre-9/11 
counterterrorism  planning.  It  is  imperative  that  every  person  responsible  for 
counterterrorism  -  whether  elected  official,  head  of  an  agency  or  entry-level  analyst  - 
must  catch  this  part  of  the  9/11  Commission’s  vision  and  push  it  forward  as  fast  and  as 
far  as  possible.  The  remainder  of  this  chapter  is  designed  to  present  the  details  of  the 
9/11  Commission’s  strategy  and  combine  it  with  the  elements  from  the  preceding 
chapters  (planning  methodology,  planning  tempo,  and  the  characteristics  of  networks, 
including  collaboration)  to  provide  a  framework  for  CIP  planners  to  advance  the 
effectiveness  of  their  own  processes. 

1.  The  Intelligence  Cycle 

The  process  by  which  the  consumers  of  intelligence  information  submit  their 
requests  for  new  information,  and  how  that  information  is  collected,  processed  and 
disseminated  is  referred  to  as  The  Intelligence  Cycle.  One  way  of  illustrating  this  process 
is  shown  in  Figure  2,  below. 

As  with  so  many  other  concepts  in  the  field  of  protection  planning,  the  metaphor 
of  a  cycle  is  useful.  A  cyclical  process  implies  that  there  is  no  final  end  state;  that  the  job 
is  never  finished  completely.  In  fact,  when  it  comes  to  preparedness  planning,  going 
through  the  cycle  effectively  is  the  job.  The  goal  is  to  expand  the  two-dimensional  cycle 
into  a  three-dimensional  spiral,  where  the  third  dimension  represents  increasing 
effectiveness.  A  spiral  shows  continuous  improvement,  whereas  a  cycle  that  is  confined 
to  two  dimensions  represents  going  in  circles,  always  doing  the  same  thing,  with  hardly  a 
thought  about  how  to  make  things  better. 

37  The  9/11  Commission  Report,  346. 
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Figure  2.  Typical  Presentation  of  the  Intelligence  Cycle 

Intelligence  expert  Mark  Lowenthal  knows  from  firsthand  experience  that  the 
level  of  communication  between  collector  and  consumer  implied  by  the  diagram  of  the 
intelligence  cycle  is  often  not  an  accurate  reflection  of  the  real  situation.38  The 
intelligence  community  often  produces  new  reports  based  upon  old  requests  and 
entrenched  reporting  patterns,  even  when  no  one  is  asking  for  the  specific  information 
contained  in  the  latest  reports.  This  is  an  example  of  going  in  circles,  rather  ascending 
the  spiral  of  increasingly  effective  tasking,  collection  and  reporting.  The  intelligence 
community  needs  feedback  from  the  consumers  of  the  intelligence  information  so  that 
collection  and  processing  resources  may  be  directed  to  the  areas  where  they  are  most 
needed. 

2.  The  Essential  Vision 

The  9/11  Commission  had  much  to  say  about  the  process  of  intelligence 
collection  tasking  and  reporting.  In  its  final  report,  the  Commission  described  the 
intelligence  community’s  significant  effort  to  study  the  phenomenon  of  surprise  attack 
after  the  Japanese  attack  on  Pearl  Harbor.  The  various  reports  that  emerged  from  this 

38  Mark  M.  Lowenthal,  Intelligence:  From  Secrets  to  Policy  (Washington,  D.C.:  CQ  Press,  2003),  50- 
51. 


31 


research  presented  recommendations  in  a  variety  of  ways,  but  the  9/11  Commission 
observed  that  they  tended  to  have  four  elements  in  common.  The  Commission  also 
asserted  that  if  the  intelligence  community  had  tried  to  implement  these  four  steps,  the 
attacks  of  9/11  might  have  been  avoided.  The  four  elements,  as  they  were  presented  in 
the  9/11  Commission’s  final  report,  are:39 

1 .  Think  about  how  surprise  attacks  might  be  launched. 

2.  Identify  telltale  indicators  connected  to  the  most  dangerous  possibilities. 

3.  Where  feasible,  collect  intelligence  on  these  indicators. 

4.  Adopt  defenses  to  deflect  the  most  dangerous  possibilities  or  at  least 
trigger  an  earlier  warning. 

A  cursory  examination  of  these  elements  reveals  that  the  third  step  is  the  entry 
point  into  the  traditional  intelligence  cycle  shown  in  Figure  2.  The  first  two  steps, 
therefore,  should  be  directed  by  the  consumer  to  focus  intelligence  collection  to  look  for 
potential  attack  preparations.  In  other  words,  the  consumer  should  not  be  merely  a 
passive  observer  of  the  stream  of  reports  that  come  from  the  intelligence  community,  but 
must  be  an  active  participant  in  directing  the  collection  of  new  intelligence. 

The  only  problem  with  the  Commission’s  four  step  planning  protocol  is  that  its 
potential  benefit  can  be  neutralized  by  attempting  to  implement  it  in  a  hierarchical,  stove- 
piped  fashion  rather  than  in  a  collaborative,  networked  fashion.  Each  step  should  be 
implemented  in  a  highly  collaborative  environment  using  a  group  of  people  with  a  broad 
range  of  expertise  and  backgrounds. 

3.  Step  1:  “Think  About  How  Surprise  Attacks  Might  Be  Launched” 

Security  experts  come  face-to-face  with  a  dilemma  when  they  contemplate  this 
component  of  the  9/11  Commission’s  recommendation  to  institutionalize  imagination.  It 
is  easy  to  believe  that  using  imagination  to  come  up  with  scenarios  can  contribute  more 
to  the  problem  than  to  the  solution,  because  unbridled  imagination  can  produce  a  limitless 
supply  of  scenarios  which  exploit  the  vulnerabilities  in  countless  targets.  There  is  no  end 
to  the  number  of  potential  scenarios.  Many  of  them  seem  credible,  yet  the  nation’s  entire 
gross  domestic  product  would  not  be  sufficient  to  eliminate  all  of  them  from  the  realm  of 
possibility.  How  is  it  possible  to  reconcile  the  tension  between  failure  of  imagination  at 

39  The  9/1 1  Commission  Report,  346. 
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one  extreme,  and  the  paralysis  created  by  too  much  imagination  at  the  other  extreme? 
Clearly,  what  is  needed  is  not  unbridled  imagination,  but  educated  imagination. 

Once  again,  collaboration  provides  the  means  to  deal  with  the  abundant  “fruits”  of 
imagination.  Intelligence  analysts  might  not  be  organizationally  embedded  into  the 
offices  of  CIP  or  Vulnerability  Assessment  analysts,  but  the  two  groups  should  be  so 
tightly  integrated  in  practice  that  they  each  benefit  from  frequent  and  dynamic 
collaboration  with  each  other.  As  each  begins  to  develop  a  deep  understanding  of  the 
needs  and  capabilities  of  the  other,  they  can  begin  to  agree  on  which  scenarios  are  most 
likely  to  occur,  and  which  would  have  the  highest  consequences.  Even  if  this 
collaboration  does  not  result  in  eliminating  multitudes  of  scenarios  from  the  list  of 
possibilities,  it  can  at  least  provide  a  way  to  prioritize  them  so  that  intelligence  collection 
and  resources  may  be  directed  against  the  most  likely  scenarios. 

The  Department  of  Homeland  Security  (DHS)  created  an  innovative  approach  to 
thinking  about  how  surprise  attacks  might  be  launched.  DHS  formed  a  team  called  the 
Analytic  Red  Cell  with  the  stated  goal  of  “promoting  imaginative  thinking  about  threats, 
vulnerabilities,  and  countermeasures.”40  This  group  challenges  prevailing  views  and 
assumptions  and  tries  to  “get  inside”  the  mind  of  an  adversary  in  an  effort  to  anticipate 
adversary  planning.  Perhaps  the  most  innovative  aspect  of  the  Analytic  Red  Cell 
Program  is  not  its  goals,  but  its  use  of  collaboration  as  the  central  element  to  accomplish 
those  goals.  The  core  staff  of  federal  and  contractor  employees  is  supplemented  by 
“hundreds  of  experts,  creative  thinkers,  and  individuals  from  around  the  country  and 
world,  including  academics,  psychologists,  scientists,  novelists,  screenwriters,  military 
war-gamers,  special  operations  forces,  cyber  experts,  think  tanks,  and  industry 
specialists.”41  Using  individuals  with  such  diverse  backgrounds  (and  even  nationalities) 
maximizes  opportunities  for  “getting  inside  the  adversary’s  mind”  for  the  purpose  of 
anticipating  attack  modes. 


40  From  an  undated  DHS  information  sheet  on  the  Analytic  Red  Cell  Program. 

41  Ibid. 
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Naysayers  might  argue  that  exercises  such  as  this  would  generate  better  novels 
than  realistic  attack  scenarios.  That  might  be  true,  but  during  this  initial  stage,  it  is 
important  to  get  all  ideas  out  in  the  open  and  begin  to  categorize  them  in  various  ways. 
There  will  be  opportunities  in  later  steps  to  prioritize  the  scenarios  based  upon  an 
estimate  of  the  probability  of  likelihood  of  each  scenario  or  category.  It  is  also  important 
to  realize  that  during  this  early  phase  of  the  planning  process,  it  is  not  necessary  to 
divulge  potential  vulnerability  information  to  participants  who  do  not  have  the 
appropriate  security  clearances. 

4.  Step  2:  “Identify  Telltale  Indicators  Connected  to  the  Most 
Dangerous  Possibilities” 

The  Department  of  Homeland  Security  has  provided  the  homeland  security 
community  with  a  variety  of  capabilities-based  planning  tools,  including  the  National 
Planning  Scenarios,  the  Universal  Task  List  and  the  Target  Capabilities  List.  The 
National  Planning  Scenarios  give  parameters  for  a  variety  of  natural  and  man-made 
disasters  so  that  analysts  will  have  a  place  to  begin  their  preparedness  planning.  The 
Universal  Task  List  (UTL)  is  a  reference  menu  of  tasks  which  public  and  private 
organizations  must  cooperatively  achieve  in  order  to  address  major  events.  The  Target 
Capabilities  List  (TCL)  describes  the  capabilities  that  will  be  needed  to  perform  some  of 
the  most  critical  tasks  in  the  UTL.  As  they  deal  with  scenarios,  tasks  and  capabilities  to 
prepare  for  disasters,  homeland  security  planners  should  realize  that  potential  adversaries 
must  go  through  a  similar  process  in  order  to  create  a  disaster.  This  fact  is  the  basis  for 
the  second  step  in  the  9/11  Commission’s  process,  that  of  identifying  telltale  indicators 
connected  to  the  most  dangerous  possibilities.  In  essence,  this  step  is  a  matter  of 
determining  the  adversary’s  UTL  and  TCL  for  each  scenario.  The  9/11  hijacker’s  need 
for  training  on  how  to  fly  large  commercial  airliners  is  an  example  of  a  target  capability 
that,  had  it  been  identified  soon  enough,  could  have  led  to  a  greater  opportunity  to 
“connect  the  dots”  of  information  that  had  already  been  gathered  before  the  attacks 
occurred. 

Looking  for  telltale  indicators  might  mean  using  old  sources  of  information  in 
new  ways.  For  example,  one  of  the  tasks  that  terrorists  must  perfonn  well  if  they  are  to 
be  successful  is  to  maintain  public  support  in  their  home  countries.  Public  support  is 
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needed  to  fund  their  operations  and  to  minimize  interference  from  law  enforcement.  This 
task  (one  element  of  the  terrorist’s  UTL)  depends,  in  turn,  upon  the  terrorist’s  capabilities 
(from  their  TCL)  for  using  the  media  to  communicate  their  message.  One  of  the  telltale 
indicators  that  the  intelligence  community  should  monitor  is  the  shift  in  rhetoric  and 
metaphor  used  by  the  media  in  Islamic  countries  to  shape  public  opinion  about  the  United 
States,  its  allies,  and  their  operations.  George  Lakoff  describes  how  the  use  of  metaphor 
was  used  by  the  White  House  to  prepare  the  United  States  for  the  first  Gulf  War  in  1991. 
Lakoff  argues  that  even  if  the  U.S.  had  not  been  so  clear  in  stating  its  intentions  over  a 
period  of  many  months,  Saddam  Hussein  should  have  known  an  attack  was  coming 
because  of  the  government’s  use  of  strong  metaphorical  language.42  This  technique 
might  provide  useful  telltale  indicators  that  terrorists  are  attempting  to  build  support  for 
new  attacks. 

As  with  all  other  parts  of  the  planning  process,  “looking  for  telltale  indicators” 
cannot  be  successfully  accomplished  in  a  vacuum.  Analysts  need  a  continuous  stream  of 
information  on  the  latest  tactics  being  used  by  terrorists.  The  data  needs  to  be  sufficiently 
detailed  and  unprocessed  to  allow  an  analysis  of  the  trajectory  of  technological  and 
tactical  developments.  If  current  collection  and  reporting  methods  do  not  include  this 
level  of  detail,  a  field  analyst  in  any  agency  should  be  allowed  to  present  a  case  for 
asking  the  intelligence  collectors  to  modify  their  collection,  analysis  and  reporting  of 
post-event  data.  If  analysts  are  able  to  synthesize  a  postulated  trajectory  of  enemy 
tactical  development,  this  could  be  used  to  assess  and  adjust  the  protection  of  critical 
infrastructure  elements,  predict  future  developments,  and  possibly  even  generate  new  and 
better  intelligence  tasking  to  look  for  additional  precursors. 

Once  again,  collaboration  is  an  essential  element  for  success  in  this  part  of  the 
process  as  well.  In  his  testimony  before  the  9/11  Commission,  the  acting  director  of  the 
Defense  Intelligence  Agency  stated,  “Information  considered  irrelevant  noise  by  one  set 


42  George  Lakoff,  "Metaphor  and  War:  The  Metaphor  System  Used  to  Justify  War  in  the  Gulf,"  speech 
delivered  to  Audience  at  Alumni  House,  January  30,  1990,  University  of  California,  Berkeley,  Berkeley, 
CA,  http://lists.village.virginia.edu/sixties/HTML_docs/Texts/Scholarly/Lakoff_Gulf_Metaphor_l.html. 
(accessed  February  4,  2006). 
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of  analysts  may  provide  critical  clues  or  reveal  significant  relationships  when  subjected  to 
analytic  scrutiny  by  another.”43  This  is  a  strong  argument  both  for  collaboration  and 
information  sharing. 

5.  Step  3.  “Where  Feasible,  Collect  Intelligence  on  These  Indicators” 

The  two  previous  steps  provide  the  foundation  for  entry  into  the  traditional 
intelligence  cycle.  That  is,  they  create  the  ability  to  focus  intelligence  collection  requests 
to  generate  actionable  information,  and  to  improve  future  collection  requests.  Returning 
to  John  Boyd’s  OODA  Loop  analogy,  the  CIP  and  intelligence  analysts  must  be  able  to 
receive  new  and  relevant  information  in  a  timely  manner  (“observe”),  assess  the  meaning 
of  this  new  information  in  collaboration  with  others  (“orient”),  and  then  decide  what  new 
information  or  action  is  needed  to  broaden  the  understanding  of  the  adversary.  If  this 
OODA  Loop  process  can  be  operated  efficiently  and  in  a  timely  fashion,  the  analyst 
teams  have  a  much  better  chance  of  asking  for  the  right  “dots”  and  then  connecting  them 
in  a  way  that  allows  for  the  most  relevant  use  of  protection  resources  and  which 
maximizes  the  potential  for  disrupting  attacks  in  the  planning  or  early  execution  stages. 

The  9/11  Commission  described  this  stage  in  the  process  as  getting  the 
intelligence  system  “tuned  to  comprehend  the  potential  significance”  of  the  information  it 
is  collecting.44  The  Commission  cited  as  negative  examples  the  July  2001  FBI  report 
about  potential  terrorist  interest  in  aircraft  training,  and  the  August  2001  arrest  of 
Zacarias  Moussaoui  after  he  behaved  suspiciously  in  flight  school.  Since  the  national 
intelligence  community  had  not  collaborated  to  think  of  possible  scenarios  and  generate 
lists  of  tasks  and  capabilities  needed  by  the  adversaries  to  accomplish  the  scenarios,  the 
intelligence  system  had  not  been  “tuned”  to  understand  the  significance  of  this 
information  about  strange  behavior  in  flight  schools. 

The  Defense  Advanced  Research  Projects  Agency  (DARPA),  tested  a  remarkable 
program  that  perfonned  the  first  three  steps  of  this  planning  protocol.  DARPA’ s 
approach  sounds  somewhat  like  datamining,  but  with  a  fundamental  difference. 
Datamining  is  an  unguided  scan  of  large  amounts  of  data  to  find  patterns  that  look 

43  Testimony  ofRADM  Lowell  E.  Jacoby,  9/11  Commission  hearings,  “Information  Sharing  on 
Terrorism-Related  Data.”  1  October  2002.  Available  [online]:  http://9- 
llcongress.netfirms.com/Jacobv.html.  (accessed  February  5,  2006). 

44  The  9/1 1  Commission  Report,  347. 
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suspicious.  Because  datamining’s  success  depends  upon  having  a  huge  quantity  and 
diversity  of  information  upon  which  to  operate,  privacy  advocates  have  expressed 
concerns  about  the  loss  of  civil  liberties  that  datamining  could  cause.  DARPA’s 
approach  on  the  other  hand,  used  the  first  two  steps  of  the  9/11  planning  protocol  to 
implement  the  third  step.  That  is,  the  DARPA  method  resulted  in  a  very  targeted  scan  of 
databases  to  look  for  evidence  that  certain  scenario-dependent  tasks  and  capabilities  were 
being  pursued  by  would-be  terrorists.  Dr.  Tony  Tether,  Director  of  DARPA,  described 
this  program  to  Congress  in  the  following  manner: 

Our  approach  starts  with  developing  attack  scenarios,  which  are  used  to 
find  specific  patterns  that  could  indicate  terrorist  plans  or  planning.  These 
scenarios  would  be  based  on  expert  knowledge  from  previous  terrorist 
attacks,  intelligence  analysis,  new  information  about  terrorist  techniques, 
and/or  from  wargames  in  which  clever  people  imagine  ways  to  attack  the 
United  States  and  its  deployed  forces.  The  basic  approach  does  not  rely 
on  statistical  analysis  to  discover  unknown  patterns  for  creating  predictive 
models.  Instead,  we  start  with  expert  knowledge  to  create  scenarios  in 
support  of  intelligence  analysis  versus  a  data  mining  approach  that  scans 
databases  for  previously  unknown  correlations. 

The  scenarios  would  then  be  reduced  to  a  series  of  questions  about  which 
data  would  provide  evidence  that  such  attacks  were  being  planned.  We 
call  these  scenarios  “models,”  and  they  are,  essentially,  hypotheses  about 
terrorist  plans.  Our  goal  is  to  detect  data  that  supports  the  hypotheses.45 


DARPA’s  imaginative  attempt  to  implement  the  9/11  Commission’s 
recommendations  unfortunately  was  derailed  by  Congressional  action  after  pressure  from 
a  vocal  minority  overruled  the  technical  and  privacy  merits  of  the  program.  This 
Congressional  action  might  very  well  have  further  solidified  the  institutional  inertia  that 
suppresses  imagination  in  government  bureaucracies  and  makes  innovators  either  look 
outside  government  for  employment  or  decide  that  the  safest  career  path  is  to  avoid  being 
imaginative.  Success  in  the  task  of  preparedness  might  very  well  depend  upon  future 
Congressional  encouragement  of  these  kinds  of  innovative  programs,  rather  than  their 
elimination. 

45  Testimony  by  Dr.  Tony  Tether,  Director,  Defense  Advanced  Research  Projects  Agency,  in 
Subcommittee  on  Technology’,  Information  Policy,  Intergovernmental  Relations,  and  the  Census  held  in 
Washington,  D.C.,  May  6,  2003,  U.S.  House  of  Representatives  (Washington,  D.C. ,  2003). 
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6.  Step  4.  “Adopt  Defenses  to  Deflect  the  Most  Dangerous  Possibilities 
or  at  Least  Trigger  an  Earlier  Warning” 

This  final  step  of  the  9/11  Commission’s  recommendation  occurs  after  the  first 
three  steps  have  successfully  returned  data  which  indicates  that  a  particular  method  of 
attack  is  of  concern.  Danger,  or  risk,  involves  a  mixture  of  threat,  vulnerability,  and 
consequences.  Proper  interpretation  of  these  variables  may  be  known  only  within  the 
context  of  an  integrated,  collaborative  environment.  To  try  to  accomplish  this  step  in  a 
vacuum  is  to  invite  poor  prioritization,  over-spending  to  defend  against  less  urgent  threats 
and  under-spending  to  defend  against  more  urgent  ones. 


C.  HOW  MUCH  IS  ENOUGH?  -  PART  II 

Defenses  cannot  achieve  perfect  safety.  They  make  targets  harder  to 
attack  successfully,  and  they  deter  attacks  by  making  capture  more  likely. 

Just  increasing  the  attacker’s  odds  of  failure  may  make  the  difference 
between  a  plan  attempted,  or  a  plan  discarded.  The  enemy  also  may  have 
to  develop  more  elaborate  plans,  thereby  increasing  the  danger  of 
exposure  or  defeat.46 

The  first  step  in  the  9/11  Commission’s  planning  protocol  is  to  generate  potential 
attack  scenarios.  Scenario  planning  teams  should  seek  law  enforcement  and  intelligence 
community  input  whenever  possible.  For  each  scenario,  the  planning  team  should 
estimate  the  number  of  terrorist  cells,  and  the  size  of  each  cell,  that  would  be  needed  to 
accomplish  the  attack.  Law  enforcement  personnel  should  be  asked  for  their  professional 
judgment  as  to  the  probability  that  the  terrorist  cell(s)  would  be  detected  by  law 
enforcement  or  other  means  during  any  stage  of  planning,  reconnaissance  or  preparation 
before  the  attack.  Planners  should  ask  themselves  and  their  law  enforcement  counterparts 
how  hardened  a  target  would  have  to  be  to  force  the  adversary  into  the  realm  of 
detectability  by  law  enforcement.  The  kind  of  hardening  that  would  increase  the 
probability  of  detection  before  the  attack  consists  of  techniques  or  procedures  that  cause 
one  or  more  of  the  following  effects  for  the  adversary: 

•  Increase  the  amount  of  surveillance  needed  to  plan  the  attack 

•  Increase  the  amount  of  equipment  needed  to  carry  out  the  attack 

•  Increase  the  number  of  attackers  needed  to  carry  out  the  attack 
46  The  9/11  Commission  Report,  383. 
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•  Increase  the  amount  of  coordination  needed  to  plan  and  carry  out  the 
attack 

•  Increase  the  amount  of  time  the  attackers  need  to  carry  out  the  attack 

•  Increase  the  complexity  of  the  attack  so  as  to  decrease  the  probability  of 
its  success 

•  Decrease  the  likelihood  that  an  attack  would  even  be  attempted,  because 
of  the  low  probability  the  attacker  would  achieve  the  desired  consequences 

Fixed  spacing  on  bullets  -  .5  from  left  margin  and  6  pt  after 

As  a  hypothetical  example,  suppose  that  one  attack  scenario  against  an 
unhardened  target  would  require  a  cell  of  five  terrorists  to  conduct  the  planning  and 
operations.  Law  enforcement  experts  might  determine  that  they  would  detect  a  cell  of 
live  terrorists  planning  and  conducting  these  operations  with  a  probability  of  only  15%. 
But  if  the  target  could  be  hardened  to  a  certain  degree,  analysts  might  estimate  that  it 
would  now  require  ten  terrorists  to  accomplish  the  same  attack,  and  that  they  would  have 
to  purchase  and  learn  how  to  use  some  equipment  that  is  relatively  uncommon.  Law 
enforcement  experts  might  decide  their  probability  of  detecting  this  attack  in  the  planning 
or  early  execution  stages  would  jump  to  60%.  In  such  a  case,  the  protection  planners 
might  determine  that  this  amount  of  hardening  would  be  sufficient  according  to  their  risk 
management  approach.  A  collaborative  approach  such  as  this  not  only  helps  design  cost- 
effective  hardening  measures,  it  helps  “tune  the  system”  to  detect  preparations  in  advance 
by  getting  law  enforcement  officials  involved  in  the  planning  stages. 


D.  WARNING 

Our  nation  has  had  too  many  opportunities  to  witness  the  damage  that  can  be 
caused  by  a  traitorous  spy,  someone  the  security  community  refers  to  as  an  “insider.” 
The  damage  caused  by  an  insider  can  be  great,  even  when  information  is  heavily 
compartmented  and  very  few  people  have  access  to  the  “big  picture.”  The  potential 
Achilles’  Heel  of  enhanced  infonnation  sharing  and  collaboration  is  the  malevolent 
insider.  As  we  move  toward  an  environment  where  much  more  sensitive  strategic  and 
tactical  infonnation  is  distributed  to  thousands  of  people  in  many  parts  of  the 
government,  this  increases  the  likelihood  of  an  insider  getting  the  infonnation  and  it 
dramatically  increases  the  amount  of  damage  that  one  malevolent  insider  can  cause. 
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Despite  their  ponderous  inertia,  our  governmental  institutions  are  moving  inexorably  into 
a  more  networked,  collaborative  era,  and  our  insider  protection  and  detection 
technologies  must  not  be  allowed  to  fall  behind.  To  proceed  in  an  unbalanced  fashion 
toward  a  more  networked,  but  inadequately  protected,  environment  is  to  forfeit  to  every 
potential  adversary  the  ultimate  asymmetric  tool  with  which  to  destroy  us  -  our  most 
sensitive  critical  infrastructure  protection  information.  The  very  information  that  has  the 
potential  to  protect  us  can  also  serve  as  the  ultimate  weapon  for  our  adversaries. 
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VII.  APPLICATION  TO  THE  DEPARTMENT  OF  ENERGY47 


Furthermore,  we  made  the  terrible  mistake  ...  of  forgetting  that  a  fine 
deterrent  can  make  a  superb  target.45 

A.  THE  MISSION  OF  THE  DEPARTMENT  OF  ENERGY 

The  United  States  Department  of  Energy  (DOE)  is  charged  with  building  and 
maintaining  the  nation’s  stockpile  of  nuclear  weapons.49  The  DOE’s  protection  planning 
process  for  its  nuclear  facilities  has  evolved  over  many  years  and  is  neither  derived  from 
nor  driven  by  homeland  security  policy.  Instead,  the  policy  requirements  for  the 
protection  of  these  facilities  is  found  in  the  Atomic  Energy  Act,  the  Code  of  Federal 
Regulations  and  internal  DOE  directives.  Even  so,  the  principles  from  the  previous 
chapters  are  so  broadly  applicable  that  they  will  be  used  to  show  areas  where  DOE  could 
improve  its  processes. 

B.  UNIQUE  FACILITIES  -  “WEAPONS  IN  PLACE” 

The  DOE’s  nuclear  weapons  work  is  carried  out  at  several  government-owned, 
contractor-operated  facilities,  as  shown  in  Figure  3.  These  facilities  are  critical  to 
national  security,  not  only  because  of  the  vital  role  they  play  in  maintaining  our  nuclear 
deterrence  capability,  but  also  because  the  information  and  materials  they  protect  would 
be  so  dangerous  if  they  were  to  get  into  the  wrong  hands.  Homeland  Security  secretary 
Michael  Chertoff  s  description  of  certain  facilities  as  “weapons  in  place”  would  certainly 
apply  to  DOE’s  nuclear  facilities.50  “Weapons  in  place”  is  a  phrase  Mr.  Chertoff  used  to 


47  The  author  uses  several  lengthy  quotations  from  official,  open  source,  government  statements  in  this 
chapter  as  a  means  of  ensuring  that  no  classified  or  sensitive  information  is  inadvertently  included. 

48  Wohlstetter,  Pearl  Harbor,  viii. 

49  DOE  accomplishes  this  through  the  semi-autonomous  National  Nuclear  Security  Administration 
whose  Administrator  reports  to  the  Secretary  of  Energy.  Unless  there  is  a  need  to  distinguish  between  the 
roles  of  the  two  organizations  in  this  thesis,  the  two  will  be  referred  to  collectively  as  DOE. 

50  Testimony  of  Hon.  Michael  Chertoff,  Secretary  of  Homeland  Security.  Senate,  Homeland  Security 
and  Governmental  Affairs  Committee.  14  July  2005.  Available  [online]: 
http://www.dhs.gov/dhspublic/display7contentM631/  (accessed  February  3,  2006). 
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describe  facilities  in  which  a  terrorist  could  find  enough  chemicals,  biological  agents  or 
nuclear  materials  to  make  a  weapon  of  mass  destruction  without  having  to  bring  those 
materials  from  the  outside. 


Project  On  Government  Oversight 

Current  Sites  Where  Special  Nuclear  Materials*  Exist 


Idaho  National  Engineering  and  Environmental  Laboratory 

—  and — 


•  Hanford 
Reservation 

—  Richland, 
Washington 


'  Category  I  and  II  weapons  grade  plutonium  and  highly-enriched  uranium 

_ www.pogo.org 


•  Lawrence 
Livermore 
National 
Laboratory 

—  Livermore, 
California 


National  Laboratory 

—  Los  Alamos, 
New  Mexico 


•  Sandia  National  Laboratory 

—  Albuquerque,  New  Mexico 


Nuclear  Products 
Division  of  BWXT 

—  Lynchburg,  Virginia 


Nuclear  Fuel  Services 

-  Erwin,  Tennessee 


Savannah  River  Site 

—  Aiken,  South  Carolina 


•  Nevada 
Test  Site 

—  North  of 
Las  Vegas, 
Nevada 


Oak  Ridge 
National  Laboratory 

—  and— 

Y-12  National 


Security  Complex 

—  Oak  Ridge,  Tennessee 


Figure  3.  DOE  Sites  Containing  Special  Nuclear  Materials 

Source:  http://www.pogo.org/rn/hsp/2005nuclear/NukeX.pdf 

The  Government  Accountability  Office  acknowledged  the  unique  nature  of  these 
facilities  when  they  wrote,  “DOE  has  long  recognized  that  a  successful  terrorist  attack  on 
a  site  containing  the  material  used  in  nuclear  weapons — called  special  nuclear  material — 
could  have  devastating  consequences  for  the  site  and  its  surrounding  communities.  This 
is  particularly  true  at  sites  that  contain  Category  I  special  nuclear  material,  which  consists 
of  specified  quantities  of  plutonium  and  highly  enriched  uranium  in  the  fonn  of 
assembled  nuclear  weapons  and  test  devices,  major  nuclear  components,  and  other  high- 
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grade  materials  such  as  solutions  and  oxides.”51  A  successful  attack  against  one  of  these 
facilities  could  damage  the  ability  to  maintain  the  necessary  level  of  our  nation’s  nuclear 
deterrence,  cause  serious  health  and  environmental  consequences  within  and  beyond  the 
boundary  of  the  site,  and  provide  materials  terrorists  would  need  to  make  multiple 
weapons  of  mass  destruction  which  could  then  be  used  at  multiple  locations.  These 
unique  characteristics  provide  the  justification  for  hardening  these  facilities  to  an 
extraordinarily  high  degree. 


C.  PLANNING  FOR  DOE’S  CRITICAL  INFRASTRUCTURE  PROTECTION 

DOE’s  security  analysis,  planning  and  protection  system  could  be  diagrammed  in 
many  ways  depending  upon  which  element(s)  are  being  emphasized.  Figure  4  puts  the 
vulnerability  assessment  (VA)  analyst  at  the  center  of  the  diagram. 


Figure  4.  DOE  Protection  Planning  and  Testing  Diagram 


51  Testimony  of  Robin  M.  Nazzaro,  U.S.  Congress,  House,  Committee  on  Government  Reform. 
"Several  Issues  Could  Impede  the  Ability  of  DOE’s  Office  of  Energy,  Science  and  Environment  to  Meet 
the  May  2003  Design  Basis  Threat."  22  June  2004. 
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The  term  “analyst”  in  this  case  may  refer  to  a  team  of  analysts  or  to  anyone  who 
is  involved  in  the  planning  and  analysis  process.  These  VA  analysts  are  DOE’s 
equivalent  to  Critical  Infrastructure  Protection  (CIP)  analysts  in  the  field  of  homeland 
security.  The  Protection  Strategy  and  Posture,  shown  in  the  upper  right  corner  of  the 
diagram,  is  the  output  of  the  entire  process  and  is  where  planning  meets  reality.  The 
Protection  Strategy  and  Posture  is  the  reason  for  the  existence  of  the  entire  planning 
system  and  includes  everything  from  the  number  of  protective  forces  and  their  weaponry, 
deployment,  tactics  and  training,  to  the  hardware,  software,  processes  and  personnel  who 
protect  the  valuable  information  and  assets  at  these  facilities.  Figure  4  reveals  a  variety 
of  “inputs”  from  which  the  analyst  must  draw,  as  well  as  the  “outputs,”  or  work  products 
the  analyst  must  produce.  The  “Target  Identification  and  Characterization”  block 
represents  all  of  the  valuable  assets  at  the  facility  that  might  be  potential  terrorist  targets. 
The  “Situational  Awareness”  block  represents  the  analysts’  existing  knowledge,  based 
upon  training,  education  and  life  experiences,  as  well  as  sources  of  fresh  information,  all 
of  which  help  the  analyst  orient  properly  to  the  threat  environment.  Most  of  the  VA 
analyst’s  new  situational  awareness  information  comes  from  open  sources,  although  there 
is  no  supplier  of  such  information  that  develops  information  products  specifically  with 
the  needs  of  VA  analysts  in  mind.  At  very  infrequent  intervals,  typically  two  to  four 
times  per  year,  classified  intelligence  briefings  are  presented  by  DOE  Headquarters  to  its 
field  sites  via  secure  teleconference.  These  briefings,  although  classified,  are  heavily 
sanitized  to  remove  any  information  about  sources  and  methods,  and  seem  to  be  designed 
to  help  the  diverse  audience  get  an  overall  sense  of  what  is  happening  in  the  threat 
environment  rather  than  to  provide  details  on  past  terrorist  attacks  or  details  about  the 
terrorists’  plans  as  described  in  captured  materials  or  through  interviews  with  detainees. 

Of  particular  importance  for  the  purpose  of  this  thesis  is  the  left  hand  side  of 
Figure  4.  The  agencies  which  make  up  the  Intelligence  Community,  shown  at  the  top, 
draw  from  the  available  stream  of  intelligence  infonnation  and  produce  databases  of 
information  as  well  as  finished  reports.  One  such  report  is  the  Defense  Intelligence 
Agency’s  classified  Postulated  Threat  to  U.S.  Nuclear  Weapons  Facilities  and  Other 
Selected  Strategic  Facilities,  usually  referred  to  as  the  Postulated  Threat  Statement.  The 
Postulated  Threat  Statement  provides  threat  information  about  postulated  adversary  team 
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sizes,  characteristics,  capabilities  and  applicability  to  national  security  assets.  The 
Postulated  Threat  Statement  is  based  on  intelligence  information  detailing  actual  terrorist 
attacks  and  the  equipment  and  tactics  utilized  in  the  attacks,  expert  judgments  regarding 
stated  terrorist  intentions  and  the  ability  of  the  terrorist  to  execute  the  stated  objectives, 
and  postulated  capabilities  based  on  the  latest  knowledge  concerning  terrorist  activities.52 

Department  of  Energy  headquarters  uses  the  Postulated  Threat  Statement  to 
develop  two  DOE-specific  documents:  the  Design  Basis  Threat  (DBT)  and  the 
Adversaries  Capabilities  List  (ACL).  These  two  classified  documents  define  the  numbers 
and  types  of  adversaries  against  which  the  site  must  be  prepared  to  defend,  as  well  as 
capabilities  such  as  training  and  equipment  which  those  adversaries  might  be  expected  to 
have  and  use.53  (CIP  analysts  might  want  to  think  of  the  DBT  and  ACL  as  being  roughly 
equivalent  to  an  adversary ’s  version  of  a  Target  Capabilities  List.)  As  mentioned  earlier, 
the  protection  posture  consists  of  the  security  forces,  procedures  and  systems  which  are 
used  protect  against  a  wide  array  of  possible  attacks,  including  cyber  attacks  and 
malevolent  “insiders.”  The  DBT  and  ACL  are  derived  from  intelligence  information,  but 
their  purpose  is  not  to  provide  intelligence  information.  Rather,  they  serve  as  the 
performance  specification  against  which  each  DOE  facility  must  design  and  test  its 
protection  strategy  and  posture.  The  post-9/11  DBTs  have  set  a  very  challenging 
standard  of  protection,  or  hardening,  for  all  DOE  nuclear  facilities,  and  the  amount  of 
hardening  required  is  graded  according  to  the  particular  types  and  quantities  of  materials 
at  a  given  site.  “The  2003  DBT  assumes  that  terrorist  groups  are  the  following:  well 
anned  and  equipped;  trained  in  paramilitary  and  guerrilla  warfare  skills  and  small  unit 
tactics;  highly  motivated;  willing  to  kill,  risk  death,  or  commit  suicide;  and  capable  of 
attacking  without  warning.  Lurthennore,  according  to  the  2003  DBT,  terrorists  might 
attack  a  DOE  facility  for  a  variety  of  goals,  including  the  theft  of  a  nuclear  weapon, 
nuclear  test  device,  or  special  nuclear  material;  radiological,  chemical,  or  biological 


52  Testimony  of  Joseph  S.  Mahaley,  US  Congress,  House,  Committee  on  Government  Reform.  24 
June  2003.  Available  [online]:  http://www.energy.gov/print/2343.htm.  (accessed  January  16,  2006). 

53  Testimony  of  Gene  Aloise,  US  Congress,  House,  Committee  on  Government  Reform.  "Actions 
Needed  by  DOE  to  Improve  Security  of  Weapons-Grade  Nuclear  Material  at  its  Energy,  Science  and 
Environment  Sites."  26  July  2005. 
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sabotage;  and  the  on-site  detonation  of  a  nuclear  weapon,  nuclear  test  device,  or  special 
nuclear  material  that  results  in  a  significant  nuclear  yield.  DOE  refers  to  such  a 
detonation  as  an  improvised  nuclear  device.”54 

Prior  to  the  attacks  of  9/11,  the  most  recently  published  Postulated  Threat 
Statement  was  issued  in  1994  and  was  intended  to  be  used  for  ten  years.55  After  the  9/1 1 
attacks,  updates  to  the  Postulated  Threat  Statement  and  the  DBT  continued  in  parallel  as 
much  as  possible.  The  new  Postulated  Threat  Statement  was  issued  in  January,  2003  and 
the  DBT  followed  on  May  20,  2003.  This  planning  tempo  is  analogous  to  that  of  the 
DoD’s  during  the  Cold  War,  when  the  presumed  adversaries  were  nations  whose 
planning  tempos  were  roughly  equivalent.  DOE  has  hastened  the  pace  of  planning  and 
was  able  to  issue  the  two  most  recent  DBT  updates  within  a  period  of  19  months.  Even 
so,  due  to  the  slow  federal  budget  process  and  the  number  of  years  it  takes  to  get  physical 
upgrades  approved,  designed  and  constructed,  much  work  has  to  be  done  within  DOE 
just  to  comply  with  the  DBT  that  was  issued  in  2003  in  reaction  to  the  attacks  of  9/1 1 . 

Once  a  site’s  protection  posture  is  defined  and  put  into  place,  DOE  maintains  an 
ongoing  process,  shown  in  Figure  4,  of  developing  attack  scenarios,  designing 
performance  tests,  analyzing  potential  upgrades  and  justifying  additional  resources  to 
support  those  upgrades. 


D.  INFORMATION  CONTAINMENT 

That  same  figure  reveals,  however,  that  the  daily  stream  of  intelligence 
information  does  not  make  its  way  to  the  VA  analyst  in  the  field.  The  analyst  might  have 
some  very  general  unclassified  open  source  material  with  which  to  enhance  his  or  her 
situational  awareness  and  provide  new  data  to  spark  imaginative  scenario  development, 
but  there  is  no  formal  mechanism  which  requires  that  all  VA  analysts  be  provided  the 
most  highly  classified  and  up-to-date  intelligence  infonnation.  Some  might  argue  that 
such  access  is  not  necessary  since  the  DBT  was  derived  from  intelligence  infonnation. 

54  Testimony  of  Robin  M.  Nazzaro,  U.S.  Congress,  House,  Committee  on  Government  Reform. 
"Several  Issues  Could  Impede  the  Ability  of  DOE’s  Office  of  Energy,  Science  and  Environment  to  Meet 
the  May  2003  Design  Basis  Threat."  22  June  2004. 

55  Testimony  of  Joseph  S.  Mahaley,  US  Congress,  House,  Committee  on  Government  Reform.  24 
June  2003.  Available  [online]:  http://www.energy.gov/print/2343.htm.  (accessed  January  16,  2006). 
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But  the  DBT  itself  is  two  steps  removed  from  the  actual  intelligence  information,  and  is, 
in  fact,  a  design  specification  rather  than  an  intelligence  report.  Furthermore,  its  update 
frequency  is  measured  in  years  rather  than  days  -  perhaps  appropriate  given  its  purpose 
as  a  design  specification  -  but  the  DBT  is  insufficient  to  meet  analysts’  needs  in  today’s 
threat  environment.  The  significance  of  this  infonnation  gap  is  apparent  when  one 
realizes  that  a  similar  isolation  of  analysts  from  pertinent  intelligence  infonnation 
resulted  in  a  tragic  failure  of  analysis  and  action  within  the  Federal  Aviation 
Administration  (FAA)  before  9/1 1,  as  described  in  Chapter  IV. 


E.  COLLABORATION 

The  limitation  mentioned  above  is  only  one  symptom  of  a  larger  issue,  and  that  is 
the  lack  of  representation  of  field  perspective  in  the  processes  of  intelligence  collection 
and  distribution  as  well  as  in  the  preparation  of  the  Postulated  Threat  Statement  and  the 
DBT/ACL.  Figure  4  reveals  that  the  overall  flow  of  information  that  is  derived  from 
classified  intelligence  is  for  the  most  part,  unidirectional.  There  is  no  formal  structure  to 
ensure  that  field  analysts  provide  feedback  to,  or  request  information  from,  the 
intelligence  community.  This  isolation  means  that  there  is  no  structured  mechanism  to 
promote  robust  collaboration  between  DOE  VA  analysts  and  intelligence  analysts,  and 
therefore,  no  way  to  involve  the  VA  analysts  in  the  intelligence  cycle  recommended  by 
the  9/11  Commission  and  described  in  Chapter  VI.  The  purpose  of  establishing  this 
relationship  is  not  to  fulfill  any  optimistic  notion  that  it  would  lead  to  advance  warning  of 
the  date  and  time  of  an  impending  attack.  The  characterization  of  the  low-signature 
threat  in  Chapter  2  should  be  sufficient  to  inform  us  that  the  advance  notice  of  an  attack 
would  be  extremely  unlikely  and  should  not  be  counted  upon.  Instead,  the  interaction 
between  the  VA  and  intelligence  analysts  would  serve  the  following  two-fold  purpose: 

•  Establish  a  collaborative  environment  for  scenario  development  and 
intelligence  tasking  to  enable  all  parties  to  gain  a  better  understanding  of 
the  intelligence  collection  needs,  possibilities  and  limitations. 

•  Provide  a  steady  flow  of  information  related  to  the  terrorist  tactics  being 
used  throughout  the  world,  but  especially  in  the  dynamic  environments  of 
Afghanistan  and  Iraq,  where  the  terrorists  are  constantly  refining  their 
operational  and  tactical  techniques  to  overcome  new  counter-insurgency 
initiatives  of  coalition  forces.  Such  detailed  information  might  very  well 
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contain  subtleties  that  could  have  significance  only  to  a  field  VA  analyst 
who  could  immediately  put  the  information  to  use. 


A  simple  modification  to  the  previous  diagram  shows  the  recommended 
connections  that  would  cultivate  the  benefits  of  information  sharing  and  collaboration. 
The  changes  indicated  by  the  red  arrows  in  Figure  5  would  allow  the  VA  analysts  in  the 
field  to  get  relatively  unfiltered  information  about  current  and  potential  terrorist  tactics  at 
the  same  time  that  headquarters  receives  that  information.  This  modification  would 
move  toward  a  more  networked  environment  with  better  timeliness  of  information. 


>  >  >  >  STREAM  OF  INTELLIGENCE  DATA  >  >  >  > 


Target  I.D.  & 
Characterization 


Budget 

Approval 


Figure  5.  DOE  Planning  Diagram  Showing  Recommended  Changes 


48 


F.  INCREASING  THREAT 

One  additional  reason  that  such  interaction  between  the  VA  and  intelligence 
analysts  is  crucial  is  that  post-9/1 1  versions  of  the  DBT  “significantly  increased”  the  size 
of  the  adversary  force  that  must  be  successfully  countered.56  The  significance  of  this  fact 
is  that  the  number  and  complexity  of  possible  attack  scenarios,  and  therefore  the 
challenge  of  defending  against  those  scenarios,  increases  exponentially  as  the  adversary 
numbers  and  capabilities  increase.  A  strong,  collaborative  atmosphere  is  therefore 
essential  to  generate  and  assess  the  myriad  new  attack  scenarios  that  would  not  have  been 
possible  with  the  smaller  attacking  force  described  in  previous  DBTs. 

Before  9/11,  when  the  number  of  adversaries  against  which  DOE  sites  had  to 
defend  was  significantly  lower  and  the  complexity  of  potential  attack  scenarios  was  less 
challenging,  it  is  quite  possible  that  the  infrequently  updated  Postulated  Threat 
Statements,  DBTs  and  ACLs  provided  adequate  infonnation  for  the  VA  analysts.  With 
the  dramatic  post- 9/11  increases  in  both  the  DBT  and  ACL  however,  the  VA  analysts 
need  all  the  infonnation  they  can  get  to  help  them  think  of  new  attack  scenarios.  The 
purpose  is  not  to  exceed  the  bounds  set  by  the  DBT  and  ACL,  but  to  be  able  to  think  of 
the  vastly  greater  number  of  challenging  scenarios  that  fall  within  DBT  parameters,  and 
to  design  protection  measures  that  would  defend  against  many,  rather  than  just  one  or  a 
few,  attack  modes. 

Security  managers  at  DOE  headquarters  would  be  justifiably  concerned  at  this 
suggestion,  thinking  that  the  analyst’s  imaginations  might  run  wild  with  too  much  new 
information.  But  the  interaction  between  the  VA  and  intelligence  analysts  would  provide 
strong  justification  for  ensuring  that  “wild”  scenarios  were  documented  and  removed 
from  further  consideration,  thereby  eliminating  the  possibility  of  spending  resources 
unwisely.  The  synergy  that  could  be  developed  between  the  two  groups  of  analysts  could 
conceivably  help  identify  relatively  inexpensive  modifications  to  current  procedures  or 
structures  (analogous  to  hardened  cockpit  doors)  that  would  help  reduce  vulnerabilities  to 
scenarios  that  might  not  have  been  thought  of  otherwise. 

56  Testimony  of  Glenn  S.  Podonsky,  US  Congress,  House,  Subcommittee  on  National  Security, 
Emerging  Threats,  and  International  Relations.  “Readiness  of  Department  of  Energy  Protective  Forces.” 
26  July  2005. 
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Finally,  intelligence  reports  can  contain  information  that  might  never  find  its  way 
into  a  design  specification  such  as  the  DBT/ACL,  but  which  would  be  very  important  for 
a  field  analyst  to  know.  Referring  back  to  Colonel  Boyd’s  OODA  diagram  in  Chapter  4, 
each  analyst’s  orientation  mechanism  causes  them  to  see  information  in  unique  ways. 
The  intelligence  collector  outside  of  DOE,  the  DOE  intelligence  analyst  and  the  DOE 
field  analyst  each  might  gain  something  different  from  the  same  intelligence  report.  An 
element  of  data  that  might  seem  insignificant  to  one  could  be  of  tremendous  significance 
to  another.  A  subtle  change  in  terrorist  attack  tactics  in  Iraq,  for  example,  might  pass 
without  notice  in  the  mind  of  an  intelligence  collector,  but  could  have  serious 
implications  to  a  field  analyst  because  of  a  particular  facility  feature  or  vulnerability  that 
only  that  analyst  would  know  about. 


G.  HOW  MUCH  IS  ENOUGH  IN  THE  DEPARTMENT  OF  ENERGY? 

The  DOE  nuclear  field  sites  do  not  participate  in  the  second  and  third  steps  of  the 
9/1 1  protocol;  that  is,  they  do  not  generate  adversary  “target  capabilities  lists”  based  upon 
the  scenarios  they  have  developed,  nor  do  they  seek  intelligence  collection  against  those 
lists.  There  is  no  mechanism  in  place  to  allow  or  cause  this  collaboration  to  occur.57  It  is 
useful  to  consider  whether  this  apparent  deficiency  really  matters.  After  all,  if  any 
scenario  falls  within  the  bounds  of  the  DBT/ACL,  then  the  sites  are  required  to  be 
prepared  to  defend  themselves  against  that  scenario.  It  would  be  pointless,  one  could 
argue,  to  ask  the  intelligence  community  to  gather  information  on  potential  attack 
preparations  if  the  sites  are  already  supposed  to  be  able  to  defend  against  that  scenario. 
The  problem  with  this  argument  is  that  it  leaves  site  managers  without  a  collaboration- 
enhanced  means  of  prioritizing  their  own  security  upgrades,  and  it  leaves  headquarters 
managers  in  an  even  more  difficult  situation  since  they  must  prioritize  all  the  security 
upgrade  requests  from  multiple  sites  across  the  entire  DOE  complex.  A  collaborative 
effort  between  the  VA  and  intelligence  analysts  is  needed  to  help  sort  through  the 
scenarios  and  detennine  which  ones  are  most  likely  to  occur  based  upon  current 
information.  The  second  problem  with  this  situation  is  the  absence  of  the  second  step  of 

57  Some  components  of  this  security-intelligence  interaction  might  be  occurring  internally  at  DOE 
headquarters,  but  it  is  not  apparent  to  the  field  sites,  nor  is  field  site  perspective  part  of  the  discussion. 
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the  9/11  Commission’s  recommended  approach.  This  failure  to  seek  information  about 
potential  terrorist  preparations  for  attack  deprives  the  intelligence  community  of  a  good 
source  of  potential  tasking  ideas  that  could  “tune  the  system”  to  discover  of  an  attack 
during  the  planning  and  preparation  stages.  Furthermore,  site  analysts  might  help 
generate  ideas  for  new  intelligence  collection  capabilities  that  do  not  yet  exist,  but  which 
could  provide  valuable  information  to  enhance  preparedness.  Finally,  as  adversary 
numbers  and  capabilities  have  increased  in  the  DBTs  and  ACLs  since  9/11,  and  the 
number  of  challenging  scenarios  has  risen  exponentially,  it  is  difficult  or  impossible  to 
know  whether  the  most  challenging  ones  have  been  thought  of  yet.  The  sites  then  find 
themselves  at  the  mercy  of  inspectors  and  review  teams  who  test  the  site’s  defenses  using 
their  own  favorite  scenarios.  But  there  is  no  reason  to  believe  that  the  pet  scenarios  of  a 
review  team  are  any  more  or  less  likely  to  occur  than  the  site’s  own  scenarios. 


H.  A  PROPOSED  MECHANISM  TO  START  COLLABORATION 

This  vast  multiplication  of  potential  scenarios  is  just  one  more  reason  that  it  is 
essential  for  the  analysts  to  get  unfiltered  data  on  a  regular  basis.  This  could  be  done  by 
requiring  each  analyst  to  spend  hours  in  front  of  a  computer  screen  each  week,  looking 
through  hundreds  of  intelligence  reports.  Since  VA  analysis  time  is  in  short  supply  these 
days,  this  would  not  be  an  effective  use  of  resources.  It  would  be  better  to  have  regular 
collaborative  meetings  between  intelligence  and  VA  analysts.  As  those  two  groups  begin 
to  understand  the  information  needs  and  capabilities  of  each  other,  the  intelligence  office 
at  DOE  headquarters  would  be  able  to  produce  or  acquire  intelligence  products  that 
would  be  tailored  to  the  needs  of  the  field  analysts.  Even  so,  the  analysts  should  always 
have  on-demand  “pull”  access  to  all  information  that  might  be  of  use  so  they  can  look  for 
new  technical,  tactical  and  political  developments  that  could  impact  their  ability  to 
defend  against  the  terrorist  threat. 

One  mechanism  that  might  fulfill  this  purpose  would  be  the  existing  Vulnerability 
Assessment  Technical  Working  Group  (VATWG),  sponsored  by  DOE  headquarters.  The 
VATWG  consists  of  a  subset  of  the  site  VA  analysts  who  meet  once  or  twice  each  year  to 
discuss  the  VA  process,  usually  in  an  unclassified  meeting  room.  These  meetings  could 

be  turned  into  collaborative  events  with  intelligence  analysts  and  others  who  should  be 
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involved.  All  VATWG  participants  should  be  cleared  for  SCI  infonnation,  and  the 
meeting  should  be  held  in  an  environment  where  classified  information  could  be 
discussed.  As  discussed  in  the  previous  chapter,  however,  this  collaboration  must  be 
carefully  planned.  Simply  mandating  collaboration,  without  first  engendering  the  vision 
for  it,  is  likely  to  result  in  a  cynical  and  detrimental  reaction. 


I.  SUMMARY 

The  Department  of  Energy  has,  over  many  years,  created  a  profoundly  effective 
approach  for  hardening  its  sites  against  terrorist  attacks.  As  the  threat  becomes  more 
challenging  however,  DOE  must  continue  to  look  for  opportunities  to  increase 
collaboration  among  all  who  could  contribute  to  the  security  planning  process,  and 
should  seek  to  develop  a  “common  operating  picture”  among  all  analysts  and  managers. 
Information  sharing  should  be  dramatically  escalated  and  focused  on  the  needs  of  the  site 
analysts.  A  highly  collaborative  group  should  be  used  to  help  prioritize  scenarios  and 
proposed  upgrades  at  each  site  and  across  the  DOE  complex.  This  would  strengthen  the 
basis  for  DOE’s  security  budget  requests  and  bring  more  focus  to  the  vulnerability 
assessment  and  intelligence  collection  processes  in  support  of  the  nuclear  weapons 
complex. 
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VIII.  CONCLUSION 


If  the  study  of  Pearl  Harbor  has  anything  to  offer  for  the  future,  it  is  this: 

We  have  to  accept  the  fact  of  uncertainty  and  learn  to  live  with  it.  No 
magic,  in  code  or  otherwise,  will  provide  certainty.  Our  plans  must  work 
without  it.58 

Our  adversaries  have  many  ways  to  continuously  probe  our  open  society  with 
relative  safety  and  anonymity  as  they  gain  a  better  understanding  about  the  operation  of 
our  critical  infrastructure  and  protection  measures.  We  must  be  just  as  aggressive  in  our 
probing  to  find  out  what  they  are  learning,  how  they  are  applying  their  knowledge  to 
overcome  our  defenses,  and  what  they  are  thinking  about  doing  to  harm  us  in  the  future. 

Critical  Infrastructure  Protection  analysts  must  carefully  analyze  their  own 
connectedness  to  the  sources  of  information  and  collaboration  that  will  maximize  their 
situational  awareness  and  “orientation.”  This  should  include  sources  who  can  help  them 
identify  and  challenge  internal  biases  that  limit  their  ability  to  properly  interpret  new 
information.  Managers  who  oversee  the  work  of  CIP  analysts  must  do  the  same,  and 
ensure  their  analysts  are  not  too  inwardly  focused. 

All  CIP  analysts  must  put  the  9/11  Commission’s  targeted  intelligence  collection 
process  to  work,  even  if  it  is  on  a  small  scale.  The  Department  of  Homeland  Security  has 
published  a  set  of  national  planning  scenarios,  but  it  is  up  to  the  CIP  analyst  to  use  a 
variety  of  sources  to  help  them  come  up  with  specific  attack  modes  that  fit  in  with  those 
planning  scenarios.  Only  then  can  the  analysts  begin  to  develop  a  conceptual  version  of  a 
terrorist’s  “target  capabilities  list”  and  then  request  collection  of  intelligence  against 
those  lists,  where  possible.  Collaboration  with  intelligence  personnel  in  this  process  can 
help  prioritize  the  risks  and  show  where  resources  are  most  urgently  needed  to  ensure 
preparedness. 


^8  Wohlstetter,  Pearl  Harbor,  401. 
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Analysts  must  seek  innovative  ways  to  harden  and  monitor  our  nation’s  critical 
infrastructure  in  order  to  raise  the  risk  of  exposure  for  the  planners  of  terrorism.  Analysts 
must  also  keep  their  law  enforcement  contacts  informed  about  possible  scenarios  so  they 
might  be  better  attuned  to  the  significance  of  new  information  they  find  during  their  law 
enforcement  activities. 

Finally,  analysts  and  their  managers  should  take  to  heart  the  9/11  Commission’s 
criticism  that  the  greatest  failure  which  pennitted  the  events  of  September  11,  2001  to 
occur  was  the  failure  of  imagination.  An  organization  cannot  be  expected  to  create 
imagination  where  it  does  not  exist  nor  enforce  its  effective  use.  But  any  organization 
can  at  least  institutionalize  the  process  of  fostering  a  collaborative  environment  and 
providing  a  rich  and  steady  stream  of  information  with  which  to  cultivate  imagination. 
Measures  such  as  the  ones  presented  in  this  thesis  cost  very  little  to  implement  and  can 
increase  synergy  and  camaraderie  within  the  intelligence  and  CIP  analyst  communities, 
enhance  the  analysts’  situational  awareness,  improve  their  ability  to  develop  imaginative 
yet  realistic  scenarios  (including  a  greater  ability  to  prioritize  scenarios  and  eliminate 
unrealistic  ones),  improve  the  kinds  of  performance  tests  they  use  to  measure  the 
effectiveness  of  their  protection  strategies,  and  improve  their  ability  to  justify  protection 
upgrades. 

This  thesis  ends  as  it  began  -  with  a  reminder  from  the  9/11  Commission  that  a 
rededication  to  preparedness  is  perhaps  the  best  way  to  honor  the  memories  of  those  we 
lost  on  September  11,  2001.  We  cannot  succeed  in  the  mission  of  preparedness  by 
mandating  collaboration  and  infonnation  sharing.  Instead,  we  must  make  every  effort  to 
ignite  within  others  the  vision  of  what  can  be  gained  through  effective  co-laboring  and 
information  sharing.  Only  then  will  we  see  the  formation  of  a  cadre  of  impassioned 
preparedness  planners  who  will  not  rest  until  they  see  that  vision  become  a  reality 
through  the  constant  improvement  of  our  processes,  our  collaboration  and  ourselves. 
May  we  never  grow  weary  in  this  great  endeavor. 
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